How to get started with Ivanti Antivirus 2017 (Bitdefender Engine)

Version 55

    Verified Product Versions

    Endpoint Manager 2016.xEndpoint Manager 2017.xEndpoint Manager 2018.x

    Note: It is a must to install the latest Service Update for your version in order to have the latest features, enhancements and fixes.  Ivanti EPM 2017.3 or later is required.

     

    The initial release is only applicable to the Windows operating system. MAC support will be available in a future Service Update.

     

    This document serves as a best practices step by step guide for setting up, configuring and maintaining the new Ivanti Antivirus solution.  This is meant as a quick-start guide and does not go into advanced options.

     

    Important Note: If transitioning from the previous Ivanti Antivirus offering to the NEW Ivanti Antivirus offering, no additional purchase is required.    In order to obtain a license follow the steps below.

     

    • Create an incident through the Support Portal (Recommended) or Contact Ivanti Support by phone and select Option 2 and then Option 3 and request an Antivirus 2017 (Bitdefender) license.  Licensing personell may not be immediately available so it is recommended to use the Support Portal and your license should be returned within 1 business day depending on the time of the submitted incident.

     

    When submitting an incident through the portal please select the following options:

    (If using a version later than 2017 of Endpoint Manager, select that version)

     

    Do a search for "Antivirus 2017" and you will see that the Contact Support button is enabled in the top right.  Click "Contact Support" and then "Raise Support Case" 

     

    Please use the subject "Antivirus 2017 License Request"

     

     

     

    All Images in this document can be viewed full size by clicking on them.

    Ivanti Antivirus Installation

     

    Two stages must happen in order to install Ivanti Antivirus 2017 (Bitdefender Engine) in your environment.

     

    Installation of the Update Server on your Ivanti Core Server

     

    Ensure that you have an active license for Ivanti Antivirus 2017

     

    After purchasing the license/subscription for the new Ivanti Antivirus product and installing the latest Service Update on your 2017.3 or later core server, the following steps must be performed prior to deploying the new solution to your managed endpoints. If transitioning from the previous Ivanti Antivirus offering to the NEW Ivanti Antivirus offering, no additional purchase is required.  In the event that the following two licenses are not showing up, you need to reactivate your Core Server by going to the Start Menu on the Core Server and typing "Core Server Activation" and <Enter>.  After core server activation please verify the following (2) sets of licenses exist in Configure > Product Licensing:

    • Ivanti Antivirus Manager 2017 powered by Landesk   (EPM 2017.x)
    • Ivanti Antivirus Subscription 2017 powered by Landesk  (EPM 2017.x)

    or

     

    • Ivanti Antivirus Manager 2018 powered by Landesk   (EPM 2018.x)
    • Ivanti Antivirus Subscription 2018 powered by Landesk  (EPM 2018.x)

     

     

    Whitelist the update URL on network devices

     

    Ensure that your Core Server and clients will have access to the following URL:

    http://ivanti-60013e4c-1d97-4269-b5b7-625530f25c30.2d7dd.cdn.bitdefender.net/

    You will likely need to whitelist *.cdn.bitdefender.net or *.bitdefender.net on your firewall or other network security appliances.

    It is also best to exclude your core server from caching information in Internet Caching appliances as it has been seen that quite often the caching appliance servers up outdated information when compared to the Core Server resulting in multiple issues.

    Download Ivanti Core Installation Files

     

    Unlike our current Antivirus offering, the new Ivanti Antivirus installation files are downloaded from the Ivanti content servers via the Download Updates interface located in the Security and Compliance | Patch and Compliance tool.

     

    In order for this new section to show up in the Download Updates - Software Updates section you will need to run a download of any content type first.  Perform the following steps:

     

    1. In the Endpoint Manager Console go to the Security and Compliance tool group and select "Agent Settings".
    2. Click the first icon in the Agent Settings tool to bring up the "Download Updates" dialog.
    3. Click the "Updates" tab and then select any category and then click "Download now".
    4. After the initial download, close the "Download Updates" dialog and re-open it.

     

    After running this download you will see a new "Ivanti Antivirus Core Installation files" section under the Windows --> Software updates section.

     

    Upon selecting this option and selecting "Download now", the following prompt will be displayed:

     

    AVAgreePopup.png                                                                             
                                                                 (Click for full size for readability)

     

    Install the Ivanti Update Server

    AVSetup may fail to run if there is a 3rd party anti-malware program on the Core Server.  This is due to AVSetup installing protection on the Core Server itself as part of the installation.

     

    Ensure that the latest available Service Update is installed on the Core Server before continuing.

     

    The Ivanti Antivirus Update server utility (AVSetup.exe) is only designed to run on the Ivanti Core server.  It cannot be installed elsewhere.

     

    • On the Core itself navigate to the directory where you have installed Ivanti Endpoint Manager  (Typically \Program Files\LANDesk\ManagementSuite)
    • Go to the ldlogon\AVClientBD\updateserverinstall subdirectory
    • Launch AVSetup.exe


    New Ivanti Antivirus 2017 Services on the Core Server

     

    The installation will create the following services on the Core Server:

    • Ivanti Endpoint Agent - Ensures the communication between a managed client machine and the security server.
    • Ivanti Endpoint Integration Service - Applies the security server settings to a managed client product.
    • Ivanti Endpoint Redline Service - Allows applying hotfixes in case the main update service or the product is not working.
    • Ivanti Endpoint Security Service - Provides protection against malware and other security threats.
    • Ivanti Endpoint Update Service - Downloads Ivanti Antivirus product updates and malware signatures.


    New Ivanti Antivirus 2017 Directory Structure


    The AVSetup.exe application  will also create a new directory structure in C:\Program Files\Ivanti consisting of the following subfolders:

    • Endpoint
    • EndpointSetupInformation
    • Ivanti Update Server

    Antivirus Client Installation

     

    Remove existing Antivirus Solution from Clients

     

    The new Ivanti Antivirus installation process will not detect or attempt to remove other security software on the computer. The removal of an antivirus solution not provided by Ivanti will have to be completed using the recommended removal methods provided by the Antivirus vendor. Often having more than one antivirus solution installed will result in one or both products malfunctioning, thus reducing the overall security of the system.

    Migrating from current Ivanti Antivirus (Kaspersky Engine) to NEW Ivanti Antivirus 2017 (Bitdefender Engine)

     

     

    With the latest service updates to 2017.3 and 2018.x of Endpoint Manager the older Kaspersky branded solution will be automatically removed when installing the newer Bitdefender-based offering.

     

     

     

     

    Migrating from another vendor's antivirus to NEW Ivanti Antivirus:

     

    If migrating from another antivirus solution, please reference the following document for removal assistance: About Removal Tools for Common Antivirus Software

     

    Step 4 - Create New Ivanti Antivirus Agent Setting

     

    1. Create a new Agent Setting for Ivanti Antivirus New contained under Tools | Security and Compliance | Agent Settings | Security.

    CreatingNewAgentSetting.png

     

        2. Select the desired configuration and save the agent setting.

    AV-Settings.jpg
    Note: It is important to select "Update product in addition to signatures" to have the Antivirus agent update versions automatically as part of the pattern file update process.  Otherwise will will take reinstalling Ivanti Antivirus to get the latest version.

     

     

    Step 5 - Deploy New Ivanti Antivirus

     

    The New Ivanti Antivirus solution can be installed as part of the agent configuration or installed via an Install Security Components task.  If the endpoints are on a supported version of the product, the overall agent does not need to be updated immediately to take advantage of the new Antivirus solution. To deploy the new Ivanti Antivirus, perform the following actions:

     

    1. Create Antivirus install task - Under Tools | Security and Compliance | Agent Settings select Create Task and choose Install/Update Security Components.

    CreateAVTask.png

     

      2. Under Security Components to Install select "Ivanti Antivirus New", choose the desired agent setting and Save.

     

    NewAVSettingsTaskConfig.png

     

    Upon saving, a task will be created. Use this task to target the subset of devices that currently do not have an Antivirus solution installed.

     

    To manually install the solution on the endpoint, the following syntax can be run:

    vulscan /installavnew /showui (the showui switch is optional)

     

    Step 6 - Pattern File Downloads

     

    To set how often the pattern files are downloaded to the core, navigate to the Download Updates  | Ivanti Antivirus New tab. The configurable range is 1-240 hours and is set to 24 hours by default.

     

    UpdatePatternFiles.jpg

     

    To keep the update server updated to the latest version automatically select the checkbox for "Automatically update the Ivanti Antivirus udpate server".

     

    Additional Links

     

    How to troubleshoot New Ivanti Antivirus 2017 (Bitdefender Engine)

     

    For more information regarding the configurable options in this tool, please reference the following document:

    https://help.ivanti.com/docs/help/en_US/LDMS/10.0/Windows/agent-h-antivirus-new.htm