How to manually update Lumension Anti-Virus definition files

Version 1

    Details

    Lumension Endpoint Management and Security Suite (LEMSS) with Lumension Anti-Virus (LAV) 7.2

    BACKGROUND

    Some company security policies require an infected endpoint be taken off the network prior to updating the Anti-Virus definitions and performing additional scans.  This means the endpoint is not able to communicate to the LEMSS server to receive updated Anti-Virus definitions.


       


      Resolution

       

      PROCEDURE

      For HEATsoftware Anti-Virus, use the following steps to update LAV definitions in the event the endpoint has to be taken offline:
      NOTE:  Please ensure the AV Definition files on the LEMSS server are updated!

      1. On the LEMSS server, locate the Anti-Virus definition files in the Install Directory\HEATsoftware\EMSS\Content\AntiVirus\Files\Gold folder
      2. Based on the Operating system architecture, the following files needs to be copied to a removable storage device
        • 32bit Operating System
          • nse_w32.dll
          • ncl.dll
          • nse32.dll
          • nvcbin.def
          • nvcincr.def
          • nvcmacro.def
          • vengineosprofile.xml
        • 64bit Operating System
          • nse_w64.dll
          • ncl_64.dll
          • nse64.dll
          • nvcbin.def
          • nvcincr.def
          • nvcmacro.def
          • vengineosprofile.xml
      3. On the infected endpoint, stop the LEMSS Agent service in Windows Services
      4. Insert the removable media storage device and replace the files in %ALLUSERSPROFILE%\Application Data\HEATsoftware\LMAgent\Data\persist\AV\ScanEngine folder
      5. Start the LEMSS Agent service in Windows Services
      6. Launch HEATsoftware EMSS Agent Control Panel, click on AntiVirus followed by Scan Now & Events
      7. Click on scan now