Ivanti Product Alert - Ivanti Antivirus 2017 (Bitdefender) Certificate expired (Action Required)

Version 40
    Note: If you have not yet installed Ivanti Antivirus 2017 (Bitdefender Engine) into your environment, you will only need to follow How to get started with Ivanti Antivirus 2017 (Bitdefender Engine)  The rest of this article will not apply.

     

    Action Required

     

    Your Action Required to Update Antivirus Certificate

     

    If you are running the Ivanti AV 2017 (Bitdefender) Antivirus software from Ivanti, your security certificate for Windows expired on September 17, 2018.   As the certificate has expired Antivirus will stop working.  This does not affect Antivirus that is installed on the Core Server after September 17, 20018.

     

    The following uninstall issue affects all currently installed versions of Ivanti Antivirus 2017

     

    In addition, this has affected the ability to uninstall Antivirus properly.  Later in this document we detail the steps to uninstall Ivanti Antivirues 2017.

     

    All the current Ivanti Endpoint Manager (EPM) releases (2016.3, 2017.3 SU5 and 2018.1 SU1) have the Ivanti AV 2017 auto-update option turned off, this configuration is hard-coded and cannot be changed by the EPM admin. This prevents the Ivanti AV 2017 agent from getting updated to the latest supported version. As a result of not having an updated agent with a current certificate, the agent stopped working on September 17, 2018. To solve this issue Ivanti has created a process that will update the endpoint from version 6.2.x.x to 6.6.x.x.

     

    Starting in 2018.3 the auto-update option is turned on and the clients can auto-update to the latest version without reinstallation.

     

     

     

    To update your core and client systems, you will need to take immediate action as described below.  Make sure to follow each step.

     

    1. Update the Server

     

    1. Update the Core Server by running Update.exe

     

    1. Download http://patch.landesk.com/patches/IvantiAVUpdate_082018_x64.zip
    2. Extract the files into a temporary location on the EPM core server.
    3. Navigate to that directory and run update.exe
    4. Watch Windows Task Manager for update.exe to finish processing

      2018-08-29_5-01-49.jpg

    (Update.exe must finish on the core server prior to updating the clients)

     

    Note: you can check the version of the update server on the EPM Core, to see if the update was applied or if your core server already has the correct updates applied:

        - Go to the Windows Task Manager, in 'Details' right click on 'EPUpdateService', select 'Properties', then 'Details'

        - Before the update the version is 6.2.x.x

        - After the update the version will be 6.6.x.x

     

    2. Download new Antivirus installation files through Patch and Compliance Manager

    1. Open the Download Updates dialog within Patch and Compliance Manager
    2. Under Windows -> Software Updates select Ivanti xx.x Software Updates and Ivanti Antivirus Core Installation Files
    3. Click Download Now
      This will download a new IVANTIAV2017UPDATE_AUG2018 definition and new epsecurity_x86 and epsecurity_x64 Antivirus 2017 product files.

     

    3. Update clients

     

    Note: Installing the new Antivirus over top of the old Antivirus through an entire Antivirus reinstall will not work at this time and will result in a failure.   The only upgrade process is described below

     

    2018-08-29_4-35-16.jpg

    1. Select "Ivanti Update" in the type dropdown in the top left of Patch and Compliance Manager
    2. Right-click "Ivanti2017UPDATE_AUG2018" and select "Download associated patches"
    3. Click "Show all associated patches", multi-select the two patches that show up and click "Download"
    4. Right-click "LDAV2017UPDATE_AUG2018" and select "Repair"
    5. This will open the "Repair Task" dialog.  Make any changes to settings you wish on this page or just click "Save".
    6. This will open the Scheduled Tasks tool and you can drag any clients you wish to update to this task
    7. Right-click the task and set the desired start time.

     

    After you feel comfortable with the updates that are proceeding in your clients you can set the definition to Auto-fix by right-clicking "LDAV2017UPDATE_AUG2018" and selecting Auto-fix and then the auto-fix options you would like

     

    How to determine update success

     

    Verifying success using Patch and Compliance Manager

     

    You can use the Type drop-down in Patch and Compliance Manager to filter by only Ivanti Updates

    You can then expand the Scan folder and go to the "Detected" folder.  This will show all computers that still have the old version installed.

     

    Verifying success using Reporting

     

    You can use some of the following reports to view success criteria as well.

     

    Note: Gather Historical Information may be necessary to provide up to date information

     

     

    Viewing success within the client UI

     

    Right-click the system tray Antivirus icon and choose "About"

     

     

    The AV UI will report 6.6.1.x or 6.6.3.x.

     

     

    Viewing success through updated file data

     

    Within Task Manager processes view right-click the Endpoint Update Service and verify that the version shows 6.6.x.x

     

    The files will report 6.6.1.x or 6.6.3.x

     

     

    View Inventory scan data

     

    Run an Inventory Scan on your devices that includes software.

    The results will show within Security -> Antivirus Software -> Antivirus

    The product version will show version 6.6.x.x

     

    A query can be created from this inventory data, or a custom column set can be created to show the product version as part of the columns for each computer in the network view.

     

    Installing through Software Distribution as an alternative

     

    For 64-bit clients

     

    1. Download http://patch.landesk.com/patches/IvantiAVUpdate_082018_x64.zip
    2. Create a subdirectory under your Software Distribution folder called something like "AVSeptemberUpdate64-bit
    3. Unzip the files (update.exe and ldavbd.dll) and place them into this folder
    4. Open the Distribution Packages tool within the Distribution tool group.
    5. Under My Packages or Public Packages right-click and select New Windows Package - Executable
    6. Name your package something along the lines of "Antivirus 2017 September Update 64-bit" and give a description to the package if desired
    7. In the Primary File section enter the path to your package directory and select the update.exe file
    8. In the Additional Files section browse to your package directory and select ldavbd.dll
    9. Click Save

     

    For 32-bit clients

     

    1. Download http://patch.landesk.com/patches/IvantiAVUpdate_082018_x86.zip
    2. Create a subdirectory under your Software Distribution folder called something like "AVSeptemberUpdate32-bit
    3. Unzip the files (update.exe and ldavbd.dll) and place them into this folder
    4. Open the Distribution Packages tool within the Distribution tool group.
    5. Under My Packages or Public Packages right-click and select New Windows Package - Executable
    6. Name your package something along the lines of "Antivirus 2017 September Update 64-bit" and give a description to the package if desired
    7. In the Primary File section enter the path to your package directory and select the update.exe file
    8. In the Additional Files section browse to your package directory and select ldavbd.dll
    9. Click Save

     

    This package can then be sent to the Antivirus 2017 clients.

     

    Uninstalling Ivanti Antivirus 2017 (Bitdefender Engine)

     

    This applies to all versions currently released of Ivanti Antivirus 2017

    Prerequisites

    1. Download the latest AV core files from the content server.
    2. Copy the UninstallTool.exe program in C:\Program Files\LANDesk\ManagementSuite\LANDesk\files (attached, this version will return “reboot needed” when exiting)

    Procedure

    1. In agent Settings, click on Install/Update security components
    2. Select "Ivanti Antivirus 2017" and select your Settings
    3. Optionally click on "Show progress dialog on client"
    4. Click on Save
    5. Go to Distribution Packages / My packages
    6. An "Install or Update Security Components" package has been created by the Install/Update Security Components..."
    7. Save this distribution package
    8. Edit the "install or Update Security Components" package and go to "Dependant Packages"
    9. Add the task to uninstall Ivanti AV 2017, and a reboot task (created by default)
    10. Save and create a scheduled task to deploy this package.