Ivanti Antivirus is based on Kaspersky Endpoint Security 10. For training on its settings and configuration, it is recommended to visit the Kaspersky training course: Basics of Kaspersky Endpoint Security 10
How do I limit the end user's ability to modify Ivanti Antivirus Settings, shut down the services, etc.?
There are various places to limit the user's ability to modify Ivanti Antivirus Settings.
Ivanti Antivirus Settings
There are various locations within the Ivanti Antivirus Settings where User Control can be modified.
To modify the Ivanti Antivirus settings:
1. Open the Agent Settings tool in the Ivanti Endpoint Manager Console.
2. In the Security group on the left, select "Ivanti Antivirus Settings".
3. Select the Antivirus Setting you wish to edit and click "Edit".
Note: the following screens point out the different areas that can affect user feedback and/or interaction.
Antivirus Settings - General Tab
- Show Ivanti Antivirus in system tray - Shows or hides the yellow Antivirus shield icon in the system tray.
- Enable right-click scanning - Adds or removes the option "Scan for viruses" when right-clicking a Drive, Directory, Folder, or File.
- Allow user to add files and folders to Trusted Items List - Allows users to add files to a trusted list. This means Ivanti Antivirus will trust those files and will not scan them. (Security Risk)
Antivirus Settings - Permissions Tab
- Allow user to disable protection components for up to [ x ] minutes - (Security Risk)
(This option should only be enabled for IT personnel or similar responsible users that routinely work with files that could be considered a security risk)
- Allow user to update definitions - Regular pattern file updates should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances, it may be necessary to allow the user to schedule virus definition updates on their own schedule.
- Allow user to restore objects - (Security Risk)
- Allow user to change settings - When unchecked, this parent setting controls the 4 settings below. When checked, they can be selected individually.
- Allow user to schedule scans - Regularly scheduled scans should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances, it may be necessary to allow the user to schedule the scans on their own desired schedule.
- Allow user to exclude objects from scanning (Security Risk)
- Allow user to add Web URLs (Security Risk)
- Allow user to configure exclusions in Network Attack Blocker (Security Risk)
Using Agent Watcher to monitor Ivanti Antivirus Services
Agent Watcher is a configurable component of the Agent Configuration that enables monitoring, enforcement and reporting on critical Ivanti Endpoint Manager files and services. For further general information about Agent Watcher, please refer to the Ivanti EPM Help File: Enable and configure Agent Watcher
Use Security and Patch Definitions to ensure Antivirus is up to date and running
Use Windows User Rights to limit user interaction
Windows user rights and Group Policy settings can be used to limit the user's ability to stop services, etc.
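One way to check that these restrictions hold is to audit the service's DACL. The PowerShell below is an added example, not part of the Ivanti article: it parses the SDDL string that `sc.exe sdshow` prints and lists allow entries that let any trustee other than Local System or Administrators stop, pause, reconfigure or delete the service. The function name, the trusted-trustee default and the sample SDDL are constructed for illustration, and the service name is a placeholder because the article does not give one.

```powershell
# Added example. Rights that let a trustee stop, tamper with or remove a service.
$RiskyRights = @(
    @{ Code = 'WP'; Mask = 0x20;       Means = 'stop' }
    @{ Code = 'DT'; Mask = 0x40;       Means = 'pause/continue' }
    @{ Code = 'DC'; Mask = 0x2;        Means = 'change configuration' }
    @{ Code = 'SD'; Mask = 0x10000;    Means = 'delete' }
    @{ Code = 'WD'; Mask = 0x40000;    Means = 'write DACL' }
    @{ Code = 'WO'; Mask = 0x80000;    Means = 'write owner' }
    @{ Code = 'GA'; Mask = 0x10000000; Means = 'generic all' }
    @{ Code = 'GX'; Mask = 0x20000000; Means = 'generic execute (includes stop)' }
    @{ Code = 'GW'; Mask = 0x40000000; Means = 'generic write (includes change configuration)' }
)

function Get-RiskyServiceAce {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Sddl,
        # Assumption: only Local System (SY) and built-in Administrators (BA) should hold control rights
        [string[]]$Trusted = @('SY', 'BA')
    )
    # Isolate the DACL: "D:", optional flags, then the run of (ACE) groups before any "S:" SACL
    if ($Sddl -notmatch 'D:[A-Z]*(?<aces>(\([^)]*\))+)') { return }
    foreach ($m in [regex]::Matches($Matches['aces'], '\(([^)]*)\)')) {
        # ACE fields: type;flags;rights;object_guid;inherit_object_guid;trustee
        $f = $m.Groups[1].Value -split ';'
        if ($f.Count -lt 6 -or $f[0] -ne 'A' -or $Trusted -contains $f[5]) { continue }
        if ($f[2] -match '^0x') {
            # Rights written as a hex access mask
            $mask = [Convert]::ToInt64($f[2], 16)
            $hits = $RiskyRights | Where-Object { $mask -band $_.Mask }
        } else {
            # Rights written as a run of two-letter codes
            $codes = [regex]::Matches($f[2], '..') | ForEach-Object { $_.Value }
            $hits = $RiskyRights | Where-Object { $codes -contains $_.Code }
        }
        if ($hits) {
            [pscustomobject]@{
                Trustee = $f[5]
                Grants  = ($hits | ForEach-Object { $_.Means }) -join ', '
            }
        }
    }
}

# Constructed sample: Authenticated Users (AU) hold stop (WP) and pause/continue (DT)
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;AU)'
Get-RiskyServiceAce -Sddl $sample
# On a managed endpoint (service name is a placeholder):
#   Get-RiskyServiceAce -Sddl ((sc.exe sdshow '<IvantiAntivirusServiceName>') -join '')
```

Any row returned names a trustee whose rights should be reviewed against the intended policy; an empty result means only the trusted trustees hold control rights in the DACL.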
Install Ivanti Application Control as part of Ivanti Endpoint Security to protect critical Ivanti Files
Ivanti Endpoint Security adds layers of security to thwart malicious attacks and rootkits. Its application control prevents applications from executing in malicious ways on your individual host systems. Use it to extend the power of Ivanti Endpoint Manager to protect your system files, critical registry keys and also the Ivanti Client files.