How To: Defer AV Scanning When Device is In Use

Version 8

    Verified Product Versions

    • LANDESK Management Suite 9.6
    • LANDESK Management Suite 2016.x
    • LANDESK Endpoint Manager 2017.x

    Purpose

     

    The purpose of this document is to outline how to control when Ivanti Antivirus performs a full virus scan in your environment. The controlling process for an antivirus scan is AVP.exe. When performing a full scan, this process consumes a significant amount of resources (CPU and memory), which noticeably slows the system. Resource consumption cannot be throttled; however, restrictions can be placed on when AVP.exe initiates a full scan. This feature must be enabled on the client side, but the required permission is not enabled by default. This document outlines the core-side configuration as well as what needs to be configured on one of your endpoints before this functionality can be disseminated throughout your environment.

     

    Step 1: Allow Permissions (Ivanti AV Agent Settings Core Configuration)

     

     

    The initial configuration happens on the core within the Antivirus Agent Settings. To access this setting, navigate to the following location and double-click the desired Antivirus setting to view its properties:

     

    Tools | Configuration | Agent Settings

     

    The default setting will reside under Public agent settings | Security | LANDESK Antivirus. You can enable the permissions on any Antivirus setting you elect. It is recommended that the Ivanti Administrator limit the permissions (least privilege) to the individuals who need them.

    From within the properties of the LANDESK Antivirus settings select Permissions and ensure the following options are checked:

    • Allow user to update definitions
    • Allow user to change settings
    • Allow user to schedule scans

    Once selected, save the settings and create a Change Settings task to make your modifications available to the desired endpoint.

     

    Step 2: Change Settings Task

     

    If you modify a setting that is already assigned to an endpoint, the Ivanti client-side local scheduler will automatically retrieve the updated settings when the vulnerability scanner (vulscan.exe) runs. The Change Settings task makes the change more immediate. You can also manually run vulscan /changesettings /showui on the desired client.

     

    To create a Change Settings task, open the Ivanti Management Suite console. Select Tools | Security and Compliance | Agent Settings. Select the Create a Task option and choose Change Settings.

     

    This will display the Patch and Compliance - change settings task interface. Give the task a name and, under Type | LANDESK Antivirus, click on "Keep agent's current settings" to display a drop-down menu of available settings. Select the setting you modified.

     

    Under Task Settings select whether you want it to be a Policy-supported push, policy or push task. The default and recommended option is Policy-supported push.

     

    Select Targets and under Targeted items choose your desired option, select Add and choose your target. In this document, Targeted devices will be used.

     

    Save and start your task.

     

    Step 3: Suspend Full Scan While Device is in Use (Client Side Configuration)

     

    To access the Ivanti AV Client configuration, log into the endpoint you allowed the permissions on and open the Ivanti Antivirus application.

     

    Select the Settings tab | Full Scan and choose Run Mode.

     

    This will open a Full Scan interface. Select the Run Mode tab and under Run Mode choose "By Schedule". Ensure "Suspend scheduled scanning when the screensaver is off and the computer is unlocked" is selected. This function will prevent the AVP process from running a scheduled scan when your device meets these criteria. You can further adjust the scheduling options to meet your needs. When done, choose "OK".
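
One way to confirm the setting is taking effect, as an added example (not part of the original article and not Ivanti tooling): run this on the endpoint during the scheduled scan window while logged in with the session unlocked, and it samples the CPU use of AVP.exe. Assumptions: English performance counter names, and a threshold, sample count and interval chosen for illustration only.

```powershell
# Added example: sample AVP.exe CPU use while the device is unlocked and in use.
# Assumptions: threshold, sample count and interval are illustrative; tune per site.
param(
    [int]$Samples = 12,               # number of samples to collect
    [int]$IntervalSeconds = 5,        # seconds between samples
    [double]$ThresholdPercent = 20    # assumed level that indicates a running full scan
)

$cores = [Environment]::ProcessorCount

if (-not (Get-Process -Name 'avp' -ErrorAction SilentlyContinue)) {
    Write-Warning 'AVP.exe is not running; the antivirus may be stopped or not installed.'
    return
}

# The Process counter is summed across cores, so divide by the core count.
# The wildcard also returns other avp-prefixed processes; keep only avp and avp#N.
$readings = Get-Counter -Counter '\Process(avp*)\% Processor Time' `
        -SampleInterval $IntervalSeconds -MaxSamples $Samples |
    ForEach-Object {
        $avpOnly = $_.CounterSamples |
            Where-Object { $_.InstanceName -match '^avp(#\d+)?$' }
        $total = ($avpOnly | Measure-Object -Property CookedValue -Sum).Sum
        [pscustomobject]@{
            Time       = $_.Timestamp
            CpuPercent = [math]::Round($total / $cores, 1)
        }
    }

$readings | Format-Table -AutoSize

$peak = ($readings | Measure-Object -Property CpuPercent -Maximum).Maximum
if ($peak -ge $ThresholdPercent) {
    Write-Warning "AVP.exe peaked at $peak% CPU while the device was in use; re-check the Run Mode setting."
} else {
    Write-Output "AVP.exe stayed below $ThresholdPercent% CPU (peak $peak%)."
}
```

AVP.exe also handles other antivirus work, so brief spikes are expected; sustained load during the scheduled window is the signal to look for.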

     

    Step 4: Export Client Settings

     

    Once you have your settings configured on the client, export the configuration (.cfg) file and import it to the core server. To do this, perform the following:

     

    From within the Settings tab choose Advanced Settings and under Managed Settings select Save. Give the .cfg file a unique name and save it on a share accessible by the core server.

     

    Step 5: Import Client Settings to Core

     

    Importing client Antivirus configurations into the Ivanti Management console will provide the ability to push customized *.cfg files to other clients.

     

    Open Agent Settings | LANDESK Antivirus | Advanced Settings | Import Kaspersky settings. Ensure the following options are selected:

    • Import settings file from a Kaspersky antivirus client
    • use imported scan settings (Full Scan, Critical Area Scan, Custom Scan).

     

    Under "Current configuration imported from" browse to the .cfg file you saved.

     

    Save your settings and create a new Change Settings task, targeting your desired endpoints.