About Antivirus information in the LANDESK Inventory

Version 7

    Verified Product Versions

    LANDESK Management Suite 9.5
    LANDESK Management Suite 9.6
    LANDESK Management Suite 2016.x

    Description

    This document describes the Antivirus information contained in the Inventory for a Managed LANDESK client.

    The inventory information is located under the following section in the LANDESK Inventory:

     

    AntivirusInventory.jpg

    Note: Antivirus information returned is not exclusive to LANDESK Antivirus. Inventory information for Antivirus can be returned for any third-party vendor that LANDESK supports managing.

    Vendor information supported at the time of the writing of this article:

    Avast, AVG, Avira, BitDefender, Bullguard, CA Total Defense, eScan, ESET NOD32, eTrust, Gdata, Kaspersky, McAfee, Microsoft Forefront, Microsoft Windows Defender, Panda Antivirus, Shavlik Antivirus, Sophos, Symantec, Trend Micro, and VIPRE.

    Example: information returned about Windows Defender.

    WindowsDefender.jpg

     

    LDAVHLPR.DLL

     

    Antivirus information gets updated when an Inventory scan runs or when a vulnerability scan runs.

    This information is gathered by a helper file for Vulscan and for the Inventory scanner called LDAVHLPR.DLL.

    LDAVHLPR.DLL is periodically updated to add new or changed Antivirus vendor information as vendors change it.

    LDAVHLPR.DLL will often need updating when the vendor releases a new service pack, etc.

    LDAVHLPR is delivered through the LANDESK Software updates mechanism in the Patch and Compliance Tool under Download Updates ->

    LDAVHLPRDefinition.jpg

    It is important to ensure that the LDAVHLPR.DLL from the "Third Party Antivirus Content LANDESK Updates requirement" definition is installed.

     

    Note: The LDAVHLPR in the patch should be compared to the LDAVHLPR in the latest Service Update or Service Pack. It is not necessarily a later version than the one in the Service Update or Service Pack. If the patch contains an older version, a client that already has the newer version will not be updated with the older version from the core.
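
    To see which case in the note applies, two copies of LDAVHLPR.DLL can be compared by file version. The PowerShell below is an added example, not LANDESK code; the function names and both paths are assumptions chosen for illustration, and the hash and signature status of the core copy are reported as found.

```powershell
# Added example: compare two copies of LDAVHLPR.DLL by file version.
# Function names and paths are hypothetical; only built-in cmdlets are used.
function Get-DllFileVersion {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build from the numeric parts; the FileVersion string may hold commas or text.
    New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

function Compare-LdavhlprCopy {
    param(
        [Parameter(Mandatory)][string]$CorePath,   # copy the core serves (LDLOGON)
        [Parameter(Mandatory)][string]$ClientPath  # copy from a client or Service Update
    )
    $core   = Get-DllFileVersion -Path $CorePath
    $client = Get-DllFileVersion -Path $ClientPath

    $result = if ($core -gt $client) {
        'Core copy is newer: client will be updated on the next scan'
    } elseif ($core -eq $client) {
        'Same version: nothing to update'
    } else {
        'Core copy is older: client keeps its newer version'
    }

    [pscustomobject]@{
        CoreVersion   = $core
        ClientVersion = $client
        # Record exactly which file the core is distributing to clients.
        CoreSha256    = (Get-FileHash -LiteralPath $CorePath -Algorithm SHA256).Hash
        CoreSignature = (Get-AuthenticodeSignature -LiteralPath $CorePath).Status
        Result        = $result
    }
}

# Usage (placeholder paths, replace with real locations):
# Compare-LdavhlprCopy -CorePath '<LDLOGON>\LDAVHLPR.DLL' -ClientPath '<other copy>\LDAVHLPR.DLL'
```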

     

    Steps to install the Third Party Antivirus content patch

    1. Double-click on the definition to open its properties
    2. Right-click on the Rule and click "Download Patch"
    3. The download window will come up and when it finishes click "Close"
    4. Right-click the Rule again and select "Open Patch Folder"
    5. Double-click the downloaded patch.
    6. Extract the contents of the patch to a directory of your choice on the core and then run Setup.exe.

     

    All the patch does is install the LDAVHLPR.DLL file to your LDLOGON directory on the core. The next time the vulnerability scanner runs, it will auto-update the client to that version of LDAVHLPR.DLL.

     

    In addition there is one more location where Antivirus-related information exists:

    LastAntivirusUpdates.jpg

    This information is at the top level in the inventory and then near the bottom of the right-hand pane.

    This is referring to the definition date that is downloaded in the Patch and Compliance tool.

    PatchAndComplianceAntivirusUpdates.jpg

     

    Adding Antivirus information to column sets

     

    To ensure that real-time protection is running, the product is up to date, and the latest virus definitions are being used, it is recommended to add Antivirus information to your column set.

     

    Follow these instructions to create the correct column set:

     

    1. Under the "Administration" tool group open the "Column set configuration" tool.
    2. Right-click "My Column Sets" or "Public Column Sets" and select "New Column Set"
    3. In the top pane scroll down to and expand "Security" and then "Antivirus Software" and then "Antivirus"
    4. Double click the following in order:
      • Product Name
      • Product Version
      • Definition Publish Date
      • Auto Protect
    5. In the top pane go to the top of the tree and then look downward for the "LANDESK Management" node.
    6. Expand the "Agent Settings" sub-node and double-click "Unique ID"
    7. Go upward in the tree and find top-level node "Common Base Agent 8" and expand it.
    8. Double-click on "Version".

     

    At this point your columns should look like this:

    AVColumns.jpg

    To make reading this window easier, it should be dragged to a larger size and the column headers double-clicked to make them auto-fit. There are a few more steps to complete to make the data more presentable:

    Changing Alias Names

     

    First, change the alias names. This is done by double-clicking the existing names under "Alias". Here are the suggestions:

     

    Original Name              Replacement Name
    Product Name               Antivirus Product
    Definition Publish Date    Pattern File Date
    Product Version            Antivirus Version
    Auto Protect               Realtime Scanner
    Unique ID                  AV Settings ID
    Version                    LDMS Version

     

    A few more changes will be necessary to show the correct data.  Several columns can apply to different items, so we need to qualify which entry we are looking for.  As an example, Unique ID can apply to any number of settings, so we will need to qualify that we want the Antivirus Setting.

     

     

    Qualifying the data

    When a field is pointed to that has more than one sub-field, you must use the qualify option. Steps to qualify the data we are looking for:

    1. Click on the "Qualifier" field next to "Computer"."LANDesk Management"."Agent Settings"."Unique ID"
    2. Click the "Qualify" button and select "LANDesk Antivirus"

     

    Resulting Column Set

    FinalAVColumns.jpg

    There may be times that a computer is listed 2 or more times.   This can occur if more than one antivirus solution is detected as installed.  If you look in the inventory at this information you will find Security -> Antivirus -> 0 and Antivirus -> 1 (two separate subnodes) with Antivirus information. This is demonstrated by the computers highlighted in red above.