How to schedule LANDESK Antivirus scans and pattern file updates

Version 9

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    Description

     

    How to best set up the schedules for Antivirus scans and pattern file updates.  This document will address only the scheduling said tasks.   It is recommended that otherwise the default settings be used as LANDESK Antivirus is pre-configured to provide the best balance between performance and security.   Be aware that modifying the default settings may reduce security, or may have an affect on performance.   However, it is recommended to consider your environment and review the settings to ensure that they meet your needs.

    How to set up a schedule on the Core Server to regularly download Antivirus pattern files

     

    Kaspersky releases antivirus pattern files (also referred to as "bases") on approximately a 2 hour release schedule.   It is recommended to download pattern files to the core server  daily in order to stay up to date with the latest definitions.   If using Preferred Servers it will be necessary to set up a replication job in between pattern file updates on the core server.  The clients will take advantage of the LANDESK peer download and preferred server technologies, which can significantly save bandwidth.

     

    The following actions all take place on the Core Server or from a Remote Management console.

    1. Open the Agent Settings tool within the Security and Compliance group.
    2. Click on the first icon in the Agent Settings toolbar.   This is the "Download Updates" tool.
    3. On the "Updates" tab open the "Windows" node, then the "Security" node, and then the "Antivirus" node.
    4. Finally ensure that only "LANDESK Antivirus updates" is selected.  All other categories throughout the tree should cleared.
    5. Click "Schedule Updates" at the bottom of the window.   This will open the "Scheduled update information" window.
    6. Enter in a description such as "LANDESK Antivirus pattern file updates" and click "OK".   This will open the "Schedule task" window.
    7. Click the "Schedule" task section in the left-hand pane, select the "Start Later" radio button, and enter in a time for the pattern file updates to start.  Remember that ideally pattern file updates will be downloaded several times a day, however there are times it may be more simple to download updates only once a day.  Updates should be downloaded prior to when the clients will be updating their pattern files if they are using the Core as the source.
    The preferred method is to set up a regular schedule for the pattern files to be updated.

     

    1. In the Agent Settings tool, under the "All Agent Settings" or "My Agent Settings group, open the Security group, then the "LANDESK Antivirus" group and select the desired Antivirus setting to edit.
    2. Go to the "Scheduled Tasks" section and check the box marked "Update" and then select "Change schedule".
    3. You can then set specific times, day of week, frequency, etc for the scan to run.

     

    A full system scan can also be pushed from the core to the client like this:

     

    1. In the "Agent Settings" Tool, click the drop-down next to the "Create a task" icon.  (The 2nd icon)
    2. Select "LANDESK Antivirus Task"
    3. Under "Actions to perform" choose "Update virus definitions".
    4. Choose whether to schedule it as a push or policy task, whether to automatically target all LDAV clients, whether to start now or not, and whether or not to update the virus definitions on the core prior to running the task on the clients.
    5. Select the LANDESK Antivirus setting to use during this task.

     

    There is also a vulnerability definition that can be run that will ensure that the pattern files are no older than X amount of days. If they are the computer can be scanned against that definition and it will cause a pattern file update to launch on the client.

     

    The vulnerability definition is AV-107 titled "LANDESK Virus Definition Files Up to Date".

     

    This configurable definition will detect managed nodes that have not updated their virus definition within the number of days specified in the custom variable, "Number of days Since Last Updated". The default value is 0 which means that the virus definition file on the managed node must match the virus definition file on the LANDesk core.

    Configuring regular Antivirus pattern file updates within the LANDESK Antivirus Settings

    1. In the LANDESK Management Suite Console, open the Agent Settings tool and select the correct Antivirus behavior under All Agent Settings or My Agent Settings, and then Antivirus node.
    2. Select the Antivirus behavior that the affected clients are using and select "Edit".
    3. Go to the Scheduled Tasks section and then the Update sub-section.
    4. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:
    5. In the section "Scheduled Tasks" click on "Change Schedule"
    6. Set a time of day or a time range that you want the Virus Definition Updates to take place and click "Save"
    7. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:

      PatternFileSources.png