How to schedule Ivanti Antivirus (Kaspersky Engine) scans and pattern file updates

Version 13

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    This article refers to Ivanti Antivirus using the Kaspersky engine.  This article is not valid for Ivanti Antivirus 2017 (Bitdefender Engine)

     

    Description

     

    How to best set up the schedules for Antivirus scans and pattern file updates.  This document will address only the scheduling said tasks.   It is recommended that otherwise the default settings be used as Ivanti Antivirus is pre-configured to provide the best balance between performance and security.   Be aware that modifying the default settings may reduce security, or may have an effect on performance.   However, it is recommended to consider your environment and review the settings to ensure that they meet your needs.

     

    How to set up a schedule on the Core Server to regularly download Antivirus pattern files

     

    Ivanti Antivirus using the Kaspersky Engine:

     

    It is recommended to download pattern files to the core server at least daily in order to stay up to date with the latest definitions.   If using Preferred Servers it will be necessary to set up a replication job in between pattern file updates on the core server.  The clients will take advantage of the Ivanti EPM peer download and preferred server technologies, which can significantly save bandwidth.

     

    The following actions all take place on the Core Server or from a Remote Management console.

    1. Open the Agent Settings tool within the Security and Compliance group.
    2. Click on the first icon in the Agent Settings toolbar.   This is the "Download Updates" tool.
    3. On the "Updates" tab open the "Windows" node, then the "Security" node, and then the "Antivirus" node.
    4. Finally, ensure that only "Ivanti Antivirus updates" is selected.  All other categories throughout the tree should be cleared
    5. Click "Schedule Updates" at the bottom of the window.   This will open the "Scheduled update information" window.
    6. Enter in a description such as "Ivanti Antivirus pattern file updates" and click "OK".   This will open the "Schedule task" window.
    7. Click the "Schedule" task section in the left-hand pane, select the "Start Later" radio button, and enter a time for the pattern file updates to start.  Remember that ideally pattern file updates will be downloaded several times a day, however there are times it may be more simple to download updates only once a day.  Updates should be downloaded prior to when the clients will be updating their pattern files if they are using the Core as the source.
    The preferred method is to set up a regular schedule for the pattern files to be updated.

     

    1. In the Agent Settings tool, under the "All Agent Settings" or "My Agent Settings group, open the Security group, then the "Ivanti Antivirus" group and select the desired Antivirus setting to edit.
    2. Go to the "Scheduled Tasks" section and check the box marked "Update" and then select "Change schedule".
    3. You can then set specific times, day of week, frequency, etc for the scan to run.

     

    A full system scan can also be pushed from the core to the client like this:

     

    1. In the "Agent Settings" Tool, click the drop-down next to the "Create a task" icon.  (The 2nd icon)
    2. Select "Ivanti Antivirus Task"
    3. Under "Actions to perform" choose "Update virus definitions".
    4. Choose whether to schedule it as a push or policy task, whether to automatically target all LDAV clients, whether to start now or not, and whether or not to update the virus definitions on the core prior to running the task on the clients.
    5. Select the Ivanti Antivirus setting to use during this task.

     

    There is also a vulnerability definition that can be run that will ensure that the pattern files are no older than X amount of days. If they are the computer can be scanned against that definition and it will cause a pattern file update to launch on the client.

     

    The vulnerability definition is AV-107 titled "LANDESK Virus Definition Files Up to Date".

     

    This configurable definition will detect managed nodes that have not updated their virus definition within the number of days specified in the custom variable, "Number of days Since Last Updated". The default value is 0 which means that the virus definition file on the managed node must match the virus definition file on the LANDesk core.

     

    Configuring regular Antivirus pattern file updates within the Ivanti Antivirus Settings

    1. In the LANDESK Management Suite Console, open the Agent Settings tool and select the correct Antivirus behavior under All Agent Settings or My Agent Settings, and then Antivirus node.
    2. Select the Antivirus behavior that the affected clients are using and select "Edit".
    3. Go to the Scheduled Tasks section and then the Update sub-section.
    4. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:
    5. In the section "Scheduled Tasks" click on "Change Schedule"
    6. Set a time of day or a time range that you want the Virus Definition Updates to take place and click "Save"
    7. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:

      PatternFileSources.png