Ivanti Antivirus Introduction

Version 2

    Verified Product Versions

    LANDESK Management Suite 9.6LANDESK Management Suite 2016.xLANDESK Endpoint Manager 2017.x

    Introduction

    Ivanti Antivirus is a sub component of the Ivanti Management suite.  The client side portion uses the Kaspersky Endpoint Security engine but most of the backend processes and controls are Ivanti’s own components. Ivanti Antivirus is a powerful security solution that can be configured and easily managed from the security console.

     

    Licensing

    Ivanti Antivirus is a separately licensed product for Management suite.  The first step in using is it to make sure you have purchased and have all the proper licensing in place for it to be enabled and working on your core server and clients.

    Antivirus licensing has two parts, core licensing and client licensing.  Core licensing enables the components to actively be installed on clients, used and monitored on the core and to allow the downloading of definitions to the core.  This part of licensing in handled by the Core Server Activation utility.

     

    Client side licensing is a separate “.key” file that gets emailed to you from Ivanti and imported into your core by you using the Console, Antivirus License Information dialog. This license is entirely independent of the Core licensing portion and only activates the client side portion of antivirus and contains an expiration date and information on the number of nodes you purchased.  It does not in any way modify the core’s antivirus licensing or its ability to download definitions.

    The client key will expire eventually and you will need to get a new key from Ivanti and import it into the console when it does.

     

    Antivirus Action Center

    To access the Antivirus Action Center in the console select Tools > Security and Compliance > Security Activity.  Select the Settings drop down and select Landesk Antivirus Action Center.

     

    This dialog gives the status of the Antivirus setup on the core you can install a new license key, view license information and download definitions from this dialog.

     

     

    This dialog gives the status of the Antivirus setup on the core.  You can install a new license key, view license information and download definitions from this dialog.  For a more detailed explanation of each item, select the Help button.

     

    Installation

    Once your core is licensed and the client key imported, you are ready to begin installing Antivirus. This can be done in four ways.

    1. Through a standard Agent deployment and installation from the Core.
    2. Through a self-contained Agent executable
    3. By creating a Install/Update Security Components Task
    4. Running as Administrator the: vulscan.exe /installAV

    Command manually on a client.

    The installation first checks if an existing antivirus solution is present and attempts to remove it if possible. Afterwards, two components get installed during installation. The first is the Kaspersky Engine and GUI that gets rebranded to Ivanti Antivirus and the second is the Ivanti Antivirus service which handles the settings, updating and scanning and controls the GUI.  Installation handles the both on its own.  The client device will likely need rebooted to finish installation of Antivirus and in a few cases when updating an existing installation or removal of another antivirus solution sometimes a second reboot is needed.

     

    Download Definitions On The Core

    You can have the core be a central repository for the virus definitions or you can have the clients go right to the internet and download.  To start downloading Antivirus Updates Definitions on the core select Tools > Security and Compliance > Patch and Compliance and double-click on the Download Updates icon located on the menu bar.

     

     

    This will open the Download Updates interface, ensure the Updates tab is selected.

     

     

    The Landesk Antivirus tab in the same dialog has more options for antivirus.

     

     

    Agent Settings

    In Agent Settings under Security, Landesk Antivirus is where you will create the settings to configure antivirus on your clients.  In the settings, you can configure what antivirus components are enabled or disabled, how much bandwidth and CPU usage it will use as well as how updates to definitions and when to run scans are configured.

    As you are creating or modifying agent settings use the help button for more in-depth explanation of what each does and how to configure it.

     

    Security Activity

    The Security Activity tab in the console is where you will monitor Antivirus activity.  To open it Select Tools > Security and Compliance > Security Activity. In here you can see which clients have outdated pattern files(definitions), the status of their license and virus activity can be view by device or by infection.

     

    Additional Information and Getting Started Documentation:

    Getting Started - https://community.ivanti.com/docs/DOC-39373

    Antivirus/Antispyware General Information - https://community.ivanti.com/community/landesk/systems/antivirus