Issue: LANDESK Antivirus not detecting a suspected virus

Version 9

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    Issue

     

    LANDESK Antivirus not detecting a suspicious file as being infected by a virus.

     

    Cause

     

    This issue can be caused by one or more of the following:

     

    • Outdated Antivirus scanning engine
    • Outdated Antivirus pattern (bases) files
    • Real-time engine not running
    • File or directory is added to an exclusion list or trusted items list
    • No antivirus pattern file for this particular virus strain variation

     

    Resolution

     

    Outdated Antivirus scanning engine

     

    For optimal performance, detection remediation of viruses, it is advised to be running the latest Antivirus Engine and to have the latest Antivirus patches installed.  To find out how to check the current Antivirus engine version on clients, see this article.

     

    Outdated Antivirus pattern (bases) files

     

    Ensure that the latest antivirus pattern (bases) files are installed on the core and the client.  Without the latest antivirus pattern files, the Antivirus engine may not be able to detect the latest viruses.

     

    For further Information about ensuring the core and client are using the latest pattern files, see this article.

     

    Realtime engine not running

     

    If the real-time engine is not running, viruses will not be detected as files are accessed.  To ensure that the real-time engine is running, the LANDesk Antivirus icon in the system tray should be a yellow shield.  If it is a gray shield with a red line through it, the Antivirus Engine is not running.  To start the real-time engine, double-click the LANDESK Antivirus shield icon and then click "Enable" next to "Realtime protection".  It the realtime engine still fails to start, there are Multiple ways to access support.  Be prepared to gather and send the LANDESK Antivirus log files detailed here.

     

    File or directory is added to an exclusion or trusted items list

     

    If a file or directory is added to the Antivirus exclusions list or the trusted Items list, it will be ignored during an Antivirus scan.  Ensure that the suspicious file or the directory that contains the file is not on an exclusion list or trusted items list.

     

    For further information about Antivirus Exclusions, see this article.

     

    "Scan for risky software in addition to viruses" option not turned on in LANDESK Antivirus Settings

     

    Some malware that is not a traditional virus (i.e., spyware, FTP, IRC, remote control utilities, etc) and is labeled "Risky Software" will not be scanned for and remediated if the "Scan for risky software in addition to viruses" option is not turned on in LANDESK Antivirus Settings.  In order to turn on this option, go to the LANDESK Antivirus Settings - General Tab and check the box next to this option.

     


    Note:
    If these items are all checked and LANDESK Antivirus still fails to find malware, please submit the suspicious file(s) to LANDesk Support by following this article.