Getting started with LANDESK Antivirus

Version 13

    Verified Product Versions

    LANDESK Management Suite 9.5, LANDESK Management Suite 9.6, LANDESK Management Suite 2016.x

    This document is a best-practices, step-by-step guide for setting up, configuring and maintaining LANDESK Antivirus.  It is meant as a quick-start guide and does not go into advanced options.

     

     

     

    After installation of the Core Server and/or purchase of the LANDESK Antivirus product the following steps must be performed prior to deploying LANDESK Antivirus to LDMS clients.

     

    The following LANDESK Antivirus Action Center dialog helps guide the Administrator to install and configure LANDESK Antivirus appropriately:

    AVActionCenter.jpg

    This dialog appears after selecting the LANDESK Antivirus component the first time as part of an Agent Configuration.  It also can be accessed by using the Settings drop-down menu in the Security Activity tool.

     

    Step 1 - Acknowledge removal of other antivirus software

     

    The LANDESK Antivirus installation process will attempt to remove other security software on the computer that is known to conflict with the LANDESK Antivirus product.  Often having more than one security solution installed will result in one or both products malfunctioning, thus reducing the overall security of the system.  This check is to ensure that the administrator is aware that this software will be removed before they can proceed.

     

    Action: Check the box under "Acknowledge that other antivirus software will be removed".

     

    Step 2 - Import LANDESK Antivirus License

     

    LANDESK Antivirus and a LANDESK Antivirus subscription must be purchased in order to use the product and receive updates (pattern files and product updates).  See: Antivirus & Malware Detection Software | LANDESK

     

    If you have purchased LANDESK Antivirus and have misplaced your license information:

    Either log a case via support.landesk.com or contact LANDESK Support by phone.

     

    If contacting Support by phone, do the following:

     

    1. Select Option 1 for Product Activation/Licensing.
    2. Select option 1 again for LDMS/LDSS Licensing support.
    3. Give the Support Engineer your company account name and your contact information.
    4. The Support Engineer will provide a LANDESK Antivirus license key via e-mail.  This .key file will be within a .zip file and will include a .PDF file with the license details.

     

    Actions:

    1. In the LANDESK Antivirus Action Center dialog under "LANDESK Antivirus license key required" click on "Import new license"
    2. Unzip the file provided that contains your license.
    3. Browse to the .KEY file, select it, and then click "Import"
    4. Click "Close"

     

    The current license information should appear in the two lower sections of the LANDESK Antivirus Action Center window.  This information includes the creation date, license number, license information number, activated nodes, maximum count, and the earliest expiration found in your environment (as reported in LANDESK inventory).

     

    Step 3 - Check whether any clients are nearing license expiration

     

    This check ensures that you do not deploy agents using a license key that is near expiration, and also warns of existing clients in the environment that have a license that is nearing expiration.  This warning threshold can be set.  The default is 7 days.

     

    Further client license information can be viewed in the Security Activity tool in the Licenses section.

     

    Step 4 - Download Antivirus Definitions (Pattern Files) and schedule regular pattern file downloads

     

    This check ensures that pattern files have been recently updated and tells you how long ago definitions were downloaded.  The warning threshold can be changed.  The default threshold is 3 days.

     

    Download Latest Updates

    1. In the LANDESK Antivirus Action Center click "Go to download updates"
      This will open the LANDESK Antivirus tab of the Download Updates tool.  This tool can be opened again by clicking on the first icon (Download updates) in the Security Activity tool.
    2. Click "Get latest definitions".  This process may take a while, especially if it is the first time updating to the latest definitions (pattern files).
      ScheduleAVUpdates.jpg

    3. Ensure the number of pattern file backups is set to what you desire.  By default this is 5.

     

    Turn off notification in the Action Center for Antivirus versions you do not have

     

    1. Go to the tab for each Antivirus pattern version that you do not have in your environment and uncheck the box that says "Notify using LANDESK Antivirus action center".

      Note: In order for the green check box to appear in the LANDESK Antivirus action center for the "Antivirus definitions are up to date" section, you must have either downloaded the definitions for that version or unchecked the "Notify using LANDESK Antivirus action center" box.

     

    Schedule Regular pattern files downloads to the core server

     

    1. Click on the "Updates" tab of the "Download Updates" tool.
    2. Ensure that only Windows / Security / Antivirus / LANDESK Antivirus Updates is selected.
    3. Click "Schedule Download"
    4. Rename the task to "Download Antivirus Definitions" or "Download Antivirus Pattern files"

     

    This will open the Scheduled Tasks tool, where the task can be configured to run daily.  (If you want to schedule it to run twice a day or more, multiple scheduled tasks can be created to start at different times.)
    ScheduleAVUpdatesScheduledTask.jpg

     

    By default, clients are configured to download their pattern files from the Core server and fall back to the Internet (direct download from Kaspersky).  This can be configured within the LANDESK Antivirus settings (within the Agent Settings tool and Security) with the following 4 options:

     

    • Core only
    • Core first.  Fall back to Internet if core is not available.
    • Internet only.
    • Internet first.  Fall back to core if Internet is not available.

    AVDownloadSources.jpg


     

    Note:

     

    Step 5 - Add and Configure LANDESK Antivirus within the Agent Configuration

     

    1. Open the Agent Configuration tool within the Configuration tool group.
    2. Under the Start section select the LANDESK Antivirus agent component check box.
    3. Under the Distribution and Patch subgroup open the Security and Compliance subgroup and then select LANDESK Antivirus.
    4. Select Configure next to LANDESK Antivirus Settings.
    5. Either create a New configuration or Edit an existing configuration.
      AVComponentAgentConfig.jpg
      Within this document we will only focus on scheduling regular pattern file updates and virus scans.  Other configuration options will be left as default.  These should be reviewed prior to saving the configuration.  It is assumed that Realtime Protection will be turned on.  Further details about these settings can be found here:
      KL 102.10: Kaspersky Endpoint Security and Management

    6. Click on the Scheduled Tasks section.
    7. It is recommended to do the following:

     

    • Configure Updates to run daily.
    • Configure Full Scan to run weekly.
    • Configure Critical Areas Scan to run daily.

    ClientScheduledTasksAV.jpg



    It is advised to have the scheduled updates run before the scan tasks so that the scans use the latest definitions available.

     

    Step 6 - Monitor Antivirus Activity

     

    The Security Activity in the Security and Compliance tool group can be used to monitor client Antivirus activity as shown here:

    AVSecurityActivity.jpg

    Step 7 - Adding Antivirus information to column sets

     

    To verify that real-time protection is running, that the product is up to date, and that the latest virus definitions are being used, it is recommended to add Antivirus information to your column set.

     

    Follow these instructions to create the correct column set:

     

    1. Under the "Administration" tool group open the "Column set configuration" tool.
    2. Right-click "My Column Sets" or "Public Column Sets" and select "New Column Set"
    3. In the top pane scroll down to and expand "Security" and then "Antivirus Software" and then "Antivirus"
    4. Double click the following in order:
      • Product Name
      • Product Version
      • Definition Publish Date
      • Auto Protect
    5. In the top pane go to the top of the tree and then look downward for the "LANDESK Management" node.
    6. Expand the "Agent Settings" sub-node and double-click "Unique ID".
    7. Go upward in the tree, find the top-level node "Common Base Agent 8" and expand it.
    8. Double-click on "Version".

     

    At this point your columns should look like this:

    AVColumns.jpg

    To make this window easier to read, drag it to a larger size and double-click the column headers to make them auto-fit.

     

    There are a few more steps to complete to make the data more presentable:

     

     

    Changing Alias Names

    First, change the alias names.  This is done by double-clicking the existing names under "Alias".

     

    Here are the suggestions:

     

    Original Name              Replacement Name
    Product Name               Antivirus Product
    Definition Publish Date    Pattern File Date
    Product Version            Antivirus Version
    Auto Protect               Realtime Scanner
    Unique ID                  AV Settings ID
    Version                    LDMS Version

     

    A few more changes will be necessary to show the correct data.  Several columns can apply to different items, so we need to qualify which entry we are looking for.  As an example, Unique ID can apply to any number of settings, so we will need to qualify that we want the Antivirus Setting.

     

    Qualifying the data

     

    When a column points to a field that has more than one sub-field, you must use the Qualify option.

     

    Steps to qualify the data we are looking for:

     

    1. Click on the "Qualifier" field next to "Computer"."LANDESK Management"."Agent Settings"."Unique ID"
    2. Click the "Qualify" button and select "LANDESK Antivirus"

     

    Resulting Column Set

     

    FinalAVColumns.jpg

    There may be times when a computer is listed 2 or more times.  This can occur if more than one antivirus solution is detected as installed.  If you look in the inventory at this information you will find Security -> Antivirus -> 0 and Antivirus -> 1 (two separate subnodes) with Antivirus information.  This is demonstrated by the computers highlighted in red above.
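
    As an added example (not part of the original LANDESK document), the following Python script checks an export of the column set built above for the conditions this step is meant to surface: out-of-date pattern files, real-time protection not running, and devices listed more than once because more than one antivirus product was detected.  The CSV export, the "Device Name" column, the date format and the On/Off values are assumptions, and the 3-day limit borrows the Action Center default from Step 4.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample export. Column names are the aliases suggested above plus
# an assumed "Device Name" column; date format and On/Off values are assumptions.
SAMPLE_CSV = """Device Name,Antivirus Product,Antivirus Version,Pattern File Date,Realtime Scanner
WKS-001,LANDESK Antivirus,10.2,2016-05-09,On
WKS-002,LANDESK Antivirus,10.2,2016-05-02,On
WKS-003,LANDESK Antivirus,10.2,2016-05-10,Off
WKS-004,LANDESK Antivirus,10.2,2016-05-10,On
WKS-004,Other AV Product,7.1,2016-04-01,On
WKS-005,LANDESK Antivirus,10.2,,On
"""

def audit(csv_text, today, max_age_days=3):
    """Return {device: [findings]} for every device that needs attention."""
    by_device = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_device[row["Device Name"].strip()].append(row)

    findings = defaultdict(list)
    for device, rows in by_device.items():
        # One row per Security -> Antivirus -> N subnode: more than one row
        # means more than one antivirus product was detected on the device.
        if len(rows) > 1:
            products = sorted(r["Antivirus Product"] for r in rows)
            findings[device].append("multiple antivirus products: " + ", ".join(products))
        for r in rows:
            product = r["Antivirus Product"]
            raw = r["Pattern File Date"].strip()
            if not raw:
                findings[device].append(f"{product}: no pattern file date reported")
            else:
                age = (today - datetime.strptime(raw, "%Y-%m-%d").date()).days
                if age > max_age_days:
                    findings[device].append(f"{product}: pattern files {age} days old")
            if r["Realtime Scanner"].strip().lower() != "on":
                findings[device].append(f"{product}: real-time protection not on")
    return dict(findings)

if __name__ == "__main__":
    for device, issues in sorted(audit(SAMPLE_CSV, date(2016, 5, 11)).items()):
        for issue in issues:
            print(f"{device}: {issue}")
```

    Devices with no findings are omitted from the result, so an empty result means every listed client has current pattern files and real-time protection on.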

     

    Additional Documents

     

    How to troubleshoot LANDESK Antivirus license issues

     

    How to troubleshoot LANDESK Antivirus

     

    How to report undetected malware to LANDESK

     

    LANDESK Antivirus false positive virus detection submission process

     

    Further articles can be found at the LANDESK Antivirus landing page.