Issue: Ivanti Antivirus installation fails

Version 4

    Verified Product Versions

    Endpoint Manager 2016.xEndpoint Manager 2017.x


    This mostly occurs when trying to upgrade the Agent with AV to a higher version. When trying to install the newer version the local InstallAV logfile in %Programdata%\landesk\log keeps returning error 80004005; A reboot is needed to continue the installation. After a reboot the same error still occurs.



    There can be different reasons for this error:


    The uninstall couldn't remove some hidden services

    Check the registry. Look at HKLM\System\CurrentControlSet\Services. Under this key, you will find several KL* keys all related to Kaspersky drivers. When you try to delete them manually, you will get an access denied failure. To resolve this, boot the device in Safe Mode. Now you will be able to delete the keys. Be careful to only delete Kaspersky services! After a reboot back into normal mode, the AV installation will continue.


    A Pending filename reboot that can't complete

    Navigate to HKLM\System\CurrentControlSet\Control\Session Manager. Look at the content of the FileRenameOperations or PendingFileRenameOperations key (depending OS). Delete anything related to AV.


    There is an installation stuck in progress

    Navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Installer. Delete any InProgress values. Repeat for  HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Installer


    Remove the automatic starts of the AV Installer after reboot

    Navigate to HKLM\Software\WOW6432Node\Landesk\ManagementSuite\Winclient\Vulscan Remove any values related to InstallAV

    Open in notepad the C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\actions.ini (remove (x86) on 32-bit system). Remove any lines related to InstallAV


    An orphaned UpdateExeVolatile registry value

    Navigate to HKLM\Software\Microsoft\Updates. Reset any 'UpdateExeVolatile' values to '0'. Repeat for  HKLM\Software\WOW6432Node\Microsoft\Updates