Preview Tool

Cisco Bug: CSCsz72810 - InCorectly added "Host Scan File Check e.g 'C:\' " breaks DAP Policies

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)


Configured DAP polices are not working and User is 'Always' being matched against the "DfltAccessPolicy".
The Host Scan Log on the User PC shows that the PC satisfied the requirements
E.g. Anti-Virus, OS Check etc

But ASA still assigned the User to the DfltAccessPolicy.


This could happen, if an "In-Correct" Basic Host Scan is added for checking the presence of a File on the User PC.
E.g The check was added as "C:\" instead of "C:\filename".

This issue will occur, even if the In-Correct Host Scan entry is Not being referenced in any of the configured DAPs.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.