Manually updating the Kaspersky AV pattern files on a LANDesk core that is not connected to the internet

Version 1

    Verified Product Versions

    LANDESK Management Suite 9.6

    Scope:

    This document applies to LANDESK AV 10 and Kaspersky Endpoint Security 10 (KES10), which is LDMS 9.5 SP1 and SP2. This applies to Windows AV pattern files only.

    Issue:

    The core is not connected to the internet, so AV pattern files (virus definitions) cannot be downloaded automatically. However, there is a PC/Server in the environment that is connected to the internet.

    Solution:

    Follow these steps for the initial setup of the process:

    1. Create a parent folder (any folder name or path) on the PC that is connected to the internet. For example: “C:\temp”
    2. Under this folder create a folder called “ldlogon”. So now we will have “C:\temp\ldlogon”
    3. Now, from the core server, copy these files: libeay32.dll, ssleay32.dll and curllib.dll to the folder in #2 above (“C:\temp\ldlogon”). These three files are found in the “…\landesk\ManagementSuite\ldlogon…” folder.
    4. Next create a folder called “Antivirus8” under the folder created in #2 above. In the example we will now have: “C:\temp\ldlogon\Antivirus8”.
    5. From the core server, copy all the files under the “Antivirus8” folder (but not any of the sub folders) to #4 above. In the example “C:\temp\ldlogon\Antivirus8”
    6. Now create a folder called “win” under the structure above (“C:\temp\ldlogon\Antivirus8”). So we will have for the example: “c:\temp\ldlogon\Antivirus8\win”
    7. Create a log folder (any folder name or path). For example “c:\temp\log”

    Follow these steps each time pattern files are to be updated:

    1. Delete: C:\temp\ldlogon\antivirus8\win\pre.basesEP on the PC that is connected to the internet. This is to ensure that the old pattern files won’t be included (except for the first time doing this process).
    2. Next run “getbases.exe” by executing the following at a “cmd” prompt:

              C:\temp\ldlogon\antivirus8\GetBases.exe /log=C:\temp\log\GetBases.exe.log /ep /url=kaspersky /type=1

    When this is run, many messages will scroll past in the cmd window. All of these messages are written to the log called GetBases.exe.log. Open the log when this finishes. If this is successful, getbases.exe will return “0”, in which case continue. Otherwise, fix the download process first.

    3. On the core server, delete the contents of the …landesk\managementsuite\ldlogon\antivirus8\pre.basesEP folder. It can also be archived or renamed. It just needs to “not be present” for the steps that follow.
    4. A backup of the current pattern files can be done at this time, if desired. If these files are going to be backed up, do the following, otherwise skip to step 5:

        a. Create a folder (any folder) under \\core\ldlogon\antivirus8\Win\backups\

        b. This folder name can be anything, but LANDesk names it with the yyyy-mm-dd hhmmss format.

        c. Copy the contents of \\core\ldlogon\antivirus8\Win\basesEP to this new folder. (Ensure that av.key is in the root.)

    5. Copy the new pattern files to the core:

        a. Delete the contents of \\core\ldlogon\antivirus8\Win\basesEP (this is on the core).

        b. Copy the contents of c:\temp\ldlogon\antivirus8\win\pre.basesEP on the PC that is connected to the internet to the core server at: \\core\ldlogon\antivirus8\Win\basesEP

        c. Be sure to copy the av.key from the \\core\ldlogon\antivirus8 folder on the core to the basesEP folder. The av.key is not actually used for KES validation, but the LD console uses this to check if it is a valid pattern file set.
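
The per-update steps above can be scripted so that nothing is copied to the core unless GetBases.exe returned 0. The following PowerShell sketch is an added example, not LANDESK or Kaspersky code. It assumes it is run on the internet-connected PC, that the \\core\ldlogon share is reachable from that PC and maps to the core's ldlogon folder, and that the article's example paths (which contain no spaces) are in use.

```powershell
# Added example. Paths are the article's example values; adjust to your site.
# Assumption: \\core\ldlogon is reachable from this PC and maps to the core's
# ...\ManagementSuite\ldlogon folder.
$ErrorActionPreference = 'Stop'
$LocalAv = 'C:\temp\ldlogon\antivirus8'
$LogFile = 'C:\temp\log\GetBases.exe.log'
$CoreAv  = '\\core\ldlogon\antivirus8'

$LocalPre  = Join-Path $LocalAv 'win\pre.basesEP'
$CorePre   = Join-Path $CoreAv  'pre.basesEP'
$CoreBases = Join-Path $CoreAv  'Win\basesEP'

# Step 1: remove the previous download so old pattern files are not included.
if (Test-Path $LocalPre) { Remove-Item $LocalPre -Recurse -Force }

# Step 2: download. The article requires a return value of 0 before continuing.
$p = Start-Process -FilePath (Join-Path $LocalAv 'GetBases.exe') `
     -ArgumentList "/log=$LogFile", '/ep', '/url=kaspersky', '/type=1' `
     -Wait -PassThru -NoNewWindow
if ($p.ExitCode -ne 0) {
    throw "GetBases.exe returned $($p.ExitCode); see $LogFile"
}
# Extra guard (not in the article): refuse to wipe the core if nothing arrived.
if (-not (Get-ChildItem $LocalPre -ErrorAction SilentlyContinue)) {
    throw "No pattern files found in $LocalPre"
}

# Step 3: pre.basesEP on the core must be empty for the steps that follow.
if (Test-Path $CorePre) {
    Get-ChildItem $CorePre -Force | Remove-Item -Recurse -Force
}

# Step 4 (optional): back up the current set, including av.key, using the
# yyyy-mm-dd hhmmss folder naming the article describes.
$Stamp  = Get-Date -Format 'yyyy-MM-dd HHmmss'
$Backup = Join-Path $CoreAv "Win\backups\$Stamp"
New-Item -ItemType Directory -Path $Backup -Force | Out-Null
Copy-Item (Join-Path $CoreBases '*') $Backup -Recurse -Force

# Step 5: replace basesEP on the core, then restore av.key so the console
# accepts the folder as a valid pattern file set.
Get-ChildItem $CoreBases -Force | Remove-Item -Recurse -Force
Copy-Item (Join-Path $LocalPre '*') $CoreBases -Recurse -Force
Copy-Item (Join-Path $CoreAv 'av.key') $CoreBases -Force
```

If the PC cannot reach the core share directly, run steps 1 and 2 on the PC, carry pre.basesEP across by whatever transfer method is approved, and run steps 3 to 5 on the core with `$LocalPre` pointing at the transferred copy.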