How To: Defer AV Scanning When Device is In Use

Version 8

    Verified Product Versions

    Endpoint Manager 9.6, Endpoint Manager 2016.x, Endpoint Manager 2017.x



    The purpose of this document is to outline how to control when Ivanti Antivirus performs a full virus scan in your environment. The controlling process for an antivirus scan is AVP.exe. When performing a full scan, this process consumes a significant amount of resources (CPU and memory) and noticeably slows the system. The ability to throttle resource consumption isn't available; however, we can place restrictions around when AVP.exe initiates a full scan. Enabling this feature must be done client side, but the permission is not enabled by default. This document outlines the core-side configuration as well as what needs to be configured on one of your endpoints before this functionality can be disseminated throughout your environment.


    Step 1: Allow Permissions (Ivanti AV Agent Settings Core Configuration)



    The initial configuration happens on the core within the Antivirus Agent Settings. To access this setting navigate to the following location and double click on the desired Antivirus setting to view the properties:


    Tools | Configuration | Agent Settings


    The default setting resides under Public agent settings | Security | LANDESK Antivirus. You can enable the permissions on any Antivirus setting you choose. It is recommended that the Ivanti Administrator restrict these permissions (least privilege) to the individuals who need them.


    From within the properties of the LANDESK Antivirus settings select Permissions and ensure the following options are checked:



    • Allow user to update definitions
    • Allow user to change settings
    • Allow user to schedule scans

    Once selected, save the settings and create a Change Settings task to make your modifications available to the desired endpoint.


    Step 2: Change Settings Task


    If you modify a setting that is already assigned to an endpoint, the Ivanti client-side local scheduler will automatically retrieve the updated settings when the vulnerability scanner (vulscan.exe) runs. The Change Settings task makes the change more immediate. You can also manually run vulscan /changesettings /showui on the desired client.


    To create a Change Settings task, open the Ivanti Management Suite console. Select Tools | Security and Compliance | Agent Settings. Select the Create a Task option and choose Change Settings.




    This will display the Patch and Compliance - change setting task interface. Give the task a name and, under Type | LANDESK Antivirus, click on "Keep agent's current settings" to display a drop-down menu of available settings. Select the setting you modified.




    Under Task Settings, select whether you want it to be a Policy-supported push, Policy, or Push task. The default and recommended option is Policy-supported push.




    Select Targets and under Targeted items choose your desired option, select Add and choose your target. In this document, Targeted devices will be used.



    Save and start your task.


    Step 3: Suspend Full Scan While Device is in Use (Client Side Configuration)


    To access the Ivanti AV Client configuration, log into the endpoint you allowed the permissions on and open the Ivanti Antivirus application.




    Select the Settings tab | Full Scan and choose Run Mode.




    This will open a Full Scan interface. Select the Run Mode tab and under Run Mode choose "By Schedule". Ensure "Suspend scheduled scanning when the screensaver is off and the computer is unlocked" is selected. This function will prevent the AVP process from running when your device meets these criteria. You can further adjust the scheduling options to meet your needs. When done, choose "OK".



    Step 4: Export Client Settings


    Once you have your settings configured on the client, export the configuration (.cfg) file and import it to the core server. To do this, complete the following:


    From within the Settings tab choose Advanced Settings and under Managed Settings select Save. Give the .cfg file a unique name and save it on a share accessible by the core server.




    Step 5: Import Client Settings to Core


    Importing client Antivirus configurations into the Ivanti Management console will provide the ability to push customized *.cfg files to other clients.


    Open Agent Settings | LANDESK Antivirus | Advanced Settings | Import Kaspersky settings. Ensure the following options are selected:

    • Import settings file from a Kaspersky antivirus client
    • Use imported scan settings (Full Scan, Critical Area Scan, Custom Scan)


    Under "Current configuration imported from" browse to the .cfg file you saved.




    Save your setting and create a new change settings task, targeting your desired endpoints.