How To: Limit the End User Ability to Modify Ivanti Antivirus Settings

Version 12

    Verified Product Versions

    LANDESK Management Suite 2016.x
    LANDESK Endpoint Manager 2017.x

    Ivanti Antivirus is based on Kaspersky Endpoint Security 10. For training on its settings and configuration, the Kaspersky training course "Basics of Kaspersky Endpoint Security 10" is recommended.




    Question

     

    How do I limit the end user's ability to modify Ivanti Antivirus settings, shut down the services, etc.?

     

    Answer

     

    There are various places to limit the user's ability to modify Ivanti Antivirus settings.


    Ivanti Antivirus Settings

     

    There are various locations within the Ivanti Antivirus Settings where User Control can be modified.

     

    To modify the Ivanti Antivirus settings:

     

    1. Open the Agent Settings tool in the Ivanti Endpoint Manager Console.

    2. In the Security group on the left select "Ivanti Antivirus Settings"

    3. Select the Antivirus Setting you wish to edit and click "Edit"

     

    Note: the following screens point out the different areas that can affect user feedback and/or interaction.

    Antivirus Settings - General Tab


     

    • Show Ivanti Antivirus in system tray - Shows or hides the yellow Antivirus shield icon in the system tray.
    • Enable right-click scanning - Adds or removes the option "Scan for viruses" when right-clicking a Drive, Directory, Folder, or File.
    • Allow user to add files and folders to Trusted Items List - Allows users to add files to a trusted list. Ivanti Antivirus will trust those files and will not scan them. (Security Risk)

     

    Antivirus Settings - Permissions Tab

    • Allow user to disable protection components for up to [ x ] minutes - (Security Risk)

          (This option should only be enabled for IT personnel or similar responsible users that routinely work with files that could be considered a security risk)

    • Allow user to update definitions - Regular pattern file updates should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances it may be necessary to allow users to schedule virus definition updates on their own schedule.
    • Allow user to restore objects - (Security Risk)
    • Allow user to change settings - This parent setting controls the 4 settings below if unchecked. If checked, they can be selected individually.
        • Allow user to schedule scans - Regularly scheduled scans should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances it may be necessary to allow users to schedule scans on their own desired schedule.
        • Allow user to exclude objects from scanning (Security Risk)
        • Allow user to add Web URLs (Security Risk)
        • Allow user to configure exclusions in Network Attack Blocker (Security Risk)

    Using Agent Watcher to monitor Ivanti Antivirus Services

     

    Agent Watcher is a configurable component of the Agent Configuration that enables monitoring, enforcement and reporting on critical Ivanti Endpoint Manager files and services.  For further general information about Agent Watcher, please refer to the Ivanti EPM Help File: Enable and configure Agent Watcher

    Use Security and Patch Definitions to ensure Antivirus is up to date and running

     

    See How to use Security and Compliance Manager to Manage Ivanti Antivirus and Other Antivirus Vendor Software

     

    Use Windows User Rights to limit user interaction

     

    Windows user rights and Group Policy settings can be used to limit the user's ability to stop services, etc.
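
One way to verify the result of such a restriction is to audit the service's security descriptor for rights granted to non-administrative principals. The PowerShell below is an added example, not part of the original article or Ivanti's tooling; the function name, the trusted-principal list and the `<AntivirusServiceName>` placeholder are assumptions, and the sample descriptor is constructed.

```powershell
# Added example. SDDL right codes, as they apply to Windows services, that let a
# principal interfere with a protection service.
$RiskyRights = [ordered]@{
    GA = 'full control (generic all)'
    WP = 'stop the service'
    DT = 'pause or continue the service'
    DC = 'change the service configuration'
    SD = 'delete the service'
    WD = 'rewrite the service DACL'
    WO = 'take ownership of the service'
}
# Assumption: only SYSTEM (SY) and built-in Administrators (BA) should hold these.
$TrustedSids = 'SY', 'BA'

function Get-RiskyServiceAce {
    param([Parameter(Mandatory)][string]$Sddl)
    # Keep only the DACL: drop everything up to "D:" and the SACL ("S:...") if present.
    $dacl = ($Sddl -replace '^.*?D:', '') -replace 'S:.*$', ''
    foreach ($m in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE fields: type;flags;rights;object_guid;inherit_object_guid;sid
        $f = $m.Groups[1].Value.Split(';')
        if ($f[0] -ne 'A' -or $TrustedSids -contains $f[5]) { continue }
        if ($f[2] -like '0x*') {
            # Hex access masks are not decoded here; flag them for manual review.
            [pscustomobject]@{ Sid = $f[5]; Right = $f[2]; Allows = 'hex mask, review manually' }
            continue
        }
        # Rights are a run of two-letter codes, e.g. CCLCSWRPWPDTLOCRRC.
        foreach ($c in [regex]::Matches($f[2], '..')) {
            if ($RiskyRights.Contains($c.Value)) {
                [pscustomobject]@{ Sid = $f[5]; Right = $c.Value; Allows = $RiskyRights[$c.Value] }
            }
        }
    }
}

# Constructed sample descriptor: Authenticated Users (AU) hold WP (stop).
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
          '(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPLOCRRC;;;AU)'
Get-RiskyServiceAce -Sddl $sample | Format-Table -AutoSize

# Live check on an endpoint; replace the placeholder with the service to audit:
# Get-RiskyServiceAce -Sddl ((sc.exe sdshow '<AntivirusServiceName>') -join '')
```

Any row returned for a principal other than an administrator group means standard users can still interfere with the service despite the console settings above.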

     

    Install Ivanti Application Control as part of Ivanti Endpoint Security to protect critical Ivanti Files

     

    Ivanti Endpoint Security adds layers of security to thwart malicious attacks and rootkits, using application control that prevents applications from executing in malicious ways on your individual host systems. Use it to extend the power of Ivanti Endpoint Manager to protect your system files, critical registry keys and the Ivanti Client files.

     

    How to configure LANDESK Endpoint Security to provide Ivanti Agent protection