How to set up Ivanti Antivirus Exclusions

Version 31

    Verified Product Versions

    • LANDESK Management Suite 9.5
    • LANDESK Management Suite 9.6
    • LANDESK Management Suite 2016.x
    • LANDESK Endpoint Manager 2017.x

    This article discusses adding exclusions to Ivanti Antivirus scanning. Remember to view the help file within the Ivanti client AV UI for further information.

     

    What is an Antivirus scanning exclusion?

     

    An Antivirus scanning exclusion is an instruction created by the user or administrator telling the real-time scanner and/or the manual scanner not to scan certain folders, file types and/or files. The words "Exception" and "Exclusion" are often both used to describe this.

     

    Why do I need an Antivirus scanning exclusion?

     

    The exclusions list for Real-time scanning and for the Manual scans need not be identical. Take time to analyze your environment and consider which files, folders, drives, and extensions you want to be scanned in each instance.

     

    A balance between a secure environment and the reliability and performance of the computers must be kept in mind. A lack of exclusions in virus scanning can be a key factor in outages to applications and services. Any Antivirus product will enhance security; however, there is often a tradeoff in performance.

     

    There are various reasons to instruct your virus scanner to skip over certain directories, files, or file types.

     

    There are typically specific types of files that are the target for those that create malware.

     

    A good practice is to set the real-time scanner to scan "Infectable files only" and to set the Full scans to scan "All file types".

     

    However, when scanning, there are times you may want to create exclusions.

     

    Example:

     

    A developer's workstation that is used for compiling code. 

     

    There are various file types that would be good to exclude on a developer's workstation. Antivirus software scanning the source can dramatically increase compile times.

    Examples of file types to exclude are .ilk, .pdb, .cc, .h


    Also, add an exclusion for scanning the directory where your sources reside.

    Various server types

    Different server types may need different exclusions. Exchange servers, SQL servers, domain controllers, etc. can have performance adversely affected by unnecessarily scanning particular files.

     

    The following article has information for exclusions for particular types of servers:

     

    How To: Configure Ivanti Antivirus Exclusions on Various Microsoft Server Types

     

    How do I create an Antivirus scanning exclusion?

     

    Antivirus scanning exclusions are created in 3 areas.

     

    • The "Real-time Protection" tab in the Antivirus settings on the core server. (Added by the Administrator)
    • The "Virus Scan" tab in the Antivirus settings on the core server. (Added by the Administrator)
    • In the Trusted Items list on the client. (Added by the end user if they have been given appropriate rights)

     

    Adding Antivirus exclusions in the "Real-time Protection" and "Virus Scan" tabs within the Antivirus settings on the core server:

     

    1. Go to the Security and Compliance tool group in the LDMS console.

    2. Open the Agent Settings tool in the LDMS console.

    3. In the left tree under My Agent Settings or All Agent Settings open the Ivanti Antivirus setting you wish to configure.

    4. Under the "Protection" group click either the "Real-time protection" tab or the "Virus Scan" tab.

    5. You will be presented with the option to add exceptions for Files, Folders, and File Extensions.

     


     

     

    For the acceptable file, folder and extension masks please refer to this Kaspersky article.

     

    When entering exclusions, it is recommended to review the list of exclusions to ensure accuracy. Make sure that the path, file names, and exclusion type are correct.

     


     

    Note: Exclusions must be entered separately for the Real-time scanner and Manual scans. Real-time refers to the scanner that is actively watching the system and scans each file as it is executed or accessed. Manual scan refers to any other scan: Scheduled scans, right-clicking a file, folder, or drive and selecting "Scan for viruses", scans run from the local scheduler, etc. However, directly scanning an excluded folder or file by right-clicking that folder or file and selecting "Scan for Viruses" will ignore the exclusions list. This is by design.

     

    Also, note that changes to the Exclusion list do not take effect immediately. The LANDESK Antivirus service must be restarted for the exclusions to take effect, as the exclusions list is read during the service initialization.
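
One way to do the accuracy review described above before typing the entries into the console. This is an added example, not Ivanti code: the `Exclusion` record, the `INFECTABLE` set and the sample list are constructed for illustration, and exclusion masks are not validated. It checks that each value matches its exclusion type, flags very broad entries, and lists values that exist in only one of the two scanner lists so that each difference can be confirmed as intentional.

```python
import ntpath
from collections import namedtuple

# One row per exclusion: scanner list ("realtime" or "manual"),
# exclusion type ("file", "folder" or "extension"), and the value entered.
Exclusion = namedtuple("Exclusion", "scanner kind value")
# Assumption: a short illustrative set of executable and script extensions.
INFECTABLE = {".exe", ".dll", ".sys", ".scr", ".js", ".vbs", ".ps1", ".bat"}

def check_entry(e):
    """Return a list of findings for a single exclusion (empty if none)."""
    v = e.value.strip()
    if e.kind == "extension":
        if not v.startswith(".") or "\\" in v or "/" in v:
            return ["value is not an extension; wrong exclusion type?"]
        if v.lower() in INFECTABLE:
            return ["excludes an infectable file type"]
    elif e.kind in ("folder", "file"):
        drive, rest = ntpath.splitdrive(v)
        if not drive or not rest.startswith("\\"):
            return ["path is not absolute"]
        if e.kind == "folder" and rest.strip("\\") == "":
            return ["excludes an entire drive"]
        if e.kind == "file" and ntpath.basename(v) == "":
            return ["file exclusion has no file name"]
    else:
        return ["unknown exclusion type"]
    return []

def review(entries):
    """Return (findings per entry, only in real-time list, only in manual list)."""
    report = {e: check_entry(e) for e in entries if check_entry(e)}
    rt = {(e.kind, e.value.lower()) for e in entries if e.scanner == "realtime"}
    man = {(e.kind, e.value.lower()) for e in entries if e.scanner == "manual"}
    return report, sorted(rt - man), sorted(man - rt)

# Constructed sample list, not taken from a real console.
SAMPLE = [
    Exclusion("realtime", "extension", ".pdb"),
    Exclusion("realtime", "extension", ".ilk"),
    Exclusion("manual", "extension", ".pdb"),
    Exclusion("realtime", "folder", "D:\\src"),
    Exclusion("realtime", "folder", "C:\\"),
    Exclusion("manual", "extension", "D:\\src"),
    Exclusion("realtime", "extension", ".exe"),
]

if __name__ == "__main__":
    report, only_rt, only_man = review(SAMPLE)
    for entry, findings in report.items():
        print(entry.scanner, entry.kind, entry.value, "->", "; ".join(findings))
    print("real-time only:", only_rt, "| manual only:", only_man)
```
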

     

     

     

    Adding to the Trusted Items List (Giving the user rights to trust items)

    This is NOT a recommended practice. It is appropriate for IT staff or other users who are educated about the ramifications of adding exclusions.

     

    1. Open the Security and Patch Manager Tool in the LDMS console

    2. Click the drop-down on the icon labeled "Configure Settings" (Third icon from the left) and select "LANDESK Antivirus Settings"

    3. On the "Permissions" tab, check the box marked "Allow user to exclude objects from scanning"

    This enables an option on the client side to allow the user to exclude objects from scanning. This will cause both the real-time scanner and any manual scans to skip scanning the files or folders that have been added. To add exclusions:

     

    1. Click the settings button under "Scan exclusions and trusted applications"
    2. Click the "Add" button and click the blue text "Select file or folder..."

    3. Exclusions can be added for specific protection components or for all of them.

     

     

    Configuring Antivirus exceptions for an Ivanti Endpoint Manager Core Server with an Antivirus client installed:

    http://community.landesk.com/support/docs/DOC-6920

     

     

    Logging for Antivirus Exclusions

     

    Exclusions are logged in LDAV.LOG in the \ProgramData\LANDESK\log directory.