|This article refers to Ivanti Antivirus using the Kaspersky engine. This article is not valid for Ivanti Antivirus 2017 (Bitdefender Engine)|
How To Replicate Ivanti Antivirus Pattern Files to a Preferred Server
LANDesk AV is capable of updating virus pattern files in 4 different ways
Download from peer
Download from Preferred Server
Download from Core
Download from Kaspersky
This is also the order in which the client attempts to get the AV pattern file updates by default, moving from one to the next until it can find a device that has current pattern files. The first three methods require communication with the core server to verify the hash for each file that needs to be updated.
Setting a preferred server and keeping it synced with the core server will allow the client to get the pattern files from the preferred server rather than the core. It will only go to Kaspersky if it cannot find any other source.
Setting Up AV to use a Preferred Server
Establish a designated preferred server on the desired subnet. See How to Configure a Preferred Package Server? - http://community.landesk.com/support/docs/DOC-1385
On the preferred server, add .* to the mime types in IIS as application/octet-stream. (Otherwise some file types might not download correctly)
Create a scheduled task on the core server to download pattern files once a day. (See note below)
Setup Content Replication to synchronize pattern files between the core server and preferred server. Synchronize the LDLogon\Antivirus8 folder between the core server and the preferred server(s). Using Ivanti EPM Content Replication - http://community.landesk.com/support/docs/DOC-20779 (This step must occur after the pattern files are updated on the core. Make sure you know how long it takes to get the pattern files down to the preferred server for each location)
Configure the AVBehavior (Antivirus Settings) Virus Definition Updates Schedule to update the pattern files on clients after the time that Robocopy has had time to get the new pattern files down to the preferred server. (The time will be based on the information from step 4 as to how long it takes to get the pattern files out to the preferred server.)
It is imperative that the core server and the preferred server have the same AV pattern files at all times. If the clients check for updates from a peer or a preferred server and the hash on those files do not match those on the core server, the clients will go to the core server to get the individual files or the Bases.cab file.
Make sure that there is only one task that is scheduled to update the antivirus pattern files on the core server. If there is more than one task scheduled, this could cause hash mismatch between the core and the preferred server, which will result in the clients downloading the pattern files from the core rather than the preferred server.