As LANDESK Antivirus is based on Kaspersky Endpoint Security 10, for training on the settings and configuration it is recommended to visit the Kaspersky training course located here: Basics of LANDESK Endpoint Security 10
How do I limit the end user ability to modify LANDESK Antivirus Settings, shut down the services, etc?
There are various places to limit the user ability to modify LANDESK Antivirus Settings.
LANDESK Antivirus Settings
There are various locations within the LANDESK Antivirus Settings where User Control can be modified.
To modify the LANDESK Antivirus settings:
1. Open the Security and Patch Manager Tool in the LANDESK Management Suite Console.
2. In the dropdown for the 3rd icon select "LANDESK Antivirus Settings"
3. Select the Antivirus Setting you wish to edit and click "Edit"
Note, the following screens will point out the different areas that can affect user feedback and/or interaction. For a full explanation of these settings, see the LANDESK Advanced Training article.
Antivirus Settings - General Tab
- Show LANDESK Antivirus in system tray - Enables or Disables the yellow Antivirus shield icon from showing in the system tray
- Enable right-click scanning - Adds or removes the option "Scan for viruses" when right-clicking a Drive, Directory, Folder, or File.
- Allow user to add files and folders to Trusted Items List - Allows users to add files to a trusted list. This means LANDESK Antivirus will trust those files and will not scan them. (Security Risk)
Antivirus Settings - Permissions Tab
- Allow user to disable protection components for up to [ x ] minutes - (Security Risk)
(This option should only be enabled for IT personnel or similar responsible users that routinely work with files that could be considered a security risk)
- Allow user to update definitions - Regular pattern file updates should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances, it may be necessary to allow the user to Schedule virus definition updates on their own schedule.
- Allow user to restore objects - (Security Risk)
- Allow user to change settings - This parent setting controls the 4 settings below if unchecked. If checked they can be selected individually.
- Allow user to schedule scans - Regular scheduled scans should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances, it may be necessary to allow the user to Schedule the scans to their own desired schedule.
- Allow user to exclude objects from scanning (Security Risk)
- Allow user to add Web URL's (Security Risk)
- Allow user to configure exclusions in Network Attack Blocker (Security Risk)
Using Agent Watcher to monitor LANDESK Antivirus Services
Agent Watcher is a configurable component within the Agent Configuration that enables monitoring, enforcement and reporting on critical LANDESK files and services. For further general information about Agent Watcher, please refer to the LANDESK Help File: LANDESK Management Suite help - Agent Watcher
Use Security and Patch Definitions to ensure Antivirus is up to date and running
Use Windows User Rights to limit user interaction
Windows User rights and Group Policy settings can be used to limit the user ability to stop services, etc.
Install LANDESK Application Control as part of LANDESK Endpoint Security to protect critical LANDESK Files
LANDESK® Endpoint Security adds layers of added security to thwart malicious attacks and rootkits using application control that prevents applications from executing in malicious ways right on your individual host systems. Use it to extend the power of LANDESK Security Suite to protect your system files, critical registry keys and also the LANDESK Client files.
For further information regarding LANDESK Endpoint Security