Issue: Ivanti Antivirus not detecting a suspected virus

Version 11

    Verified Product Versions

    Endpoint Manager 9.6, Endpoint Manager 2016.x, Endpoint Manager 2017.x



    Ivanti Antivirus not detecting a suspicious file as being infected by a virus.




    This issue can be caused by one or more of the following:


    • Outdated Antivirus scanning engine
    • Outdated Antivirus pattern (bases) files
    • Real-time engine not running
    • File or directory is added to an exclusion list or trusted items list
    • No antivirus pattern file for this particular virus strain variation




    Outdated Antivirus scanning engine


    For optimal performance, detection, and remediation of viruses, run the latest Antivirus Engine and install the latest Antivirus patches.  To find out how to check the current Antivirus engine version on clients, see this article.


    Outdated Antivirus pattern (bases) files


    Ensure that the latest antivirus pattern (bases) files are installed on the core and the client.  Without the latest antivirus pattern files, the Antivirus engine may not be able to detect the latest viruses.


    For further information about ensuring the core and client are using the latest pattern files, see this article.


    Real-time engine not running


    If the real-time engine is not running, viruses will not be detected as files are accessed.  To ensure that the real-time engine is running, the Ivanti Antivirus icon in the system tray should be a yellow shield.  If it is a gray shield with a red line through it, the Antivirus Engine is not running.  To start the real-time engine, double-click the Ivanti Antivirus shield icon and then click "Enable" next to "Real-time protection".  If the real-time engine still fails to start, there are multiple ways to access support.  Be prepared to gather and send the Ivanti Antivirus log files detailed here.


    File or directory is added to an exclusion or trusted items list


    If a file or directory is added to the Antivirus exclusions list or the trusted items list, it will be ignored during an Antivirus scan.  Ensure that neither the suspicious file nor the directory that contains it is on an exclusion list or trusted items list.


    For further information about Antivirus Exclusions, see this article.
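
    One way to script the exclusion check described in this section, as an added example that is not Ivanti code. It assumes the exclusion and trusted-items entries have been copied out of the Antivirus settings as plain Windows paths or `*`/`?` masks, and that a directory entry covers everything beneath it; the entry format and the sample values are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample entries (assumed format: plain paths or */? masks).
SAMPLE_EXCLUSIONS = [
    r"C:\Build\Output",              # directory entry
    r"D:\Tools\legacy\scan.exe",     # single-file entry
    r"C:\Users\*\Downloads\*.tmp",   # wildcard mask
]


def _parts(path):
    """Lower-cased path components; Windows paths compare case-insensitively."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def _mask_to_regex(mask):
    """Translate a */? mask to a regex, treating every other character literally."""
    escaped = re.escape(str(PureWindowsPath(mask)).lower())
    return re.compile(escaped.replace(r"\*", ".*").replace(r"\?", "."))


def covering_exclusions(target, exclusions):
    """Return every entry that would cause `target` to be skipped by a scan."""
    t = PureWindowsPath(target)
    t_parts = _parts(target)
    # The file itself plus each parent directory, for mask matching.
    candidates = [str(p).lower() for p in (t, *t.parents)]
    hits = []
    for entry in exclusions:
        cleaned = entry.strip().strip('"')
        if not cleaned:
            continue
        if "*" in cleaned or "?" in cleaned:
            rx = _mask_to_regex(cleaned)
            if any(rx.fullmatch(c) for c in candidates):
                hits.append(entry)
        else:
            e_parts = _parts(cleaned)
            # Component-wise prefix match, so C:\Build\Output does not
            # accidentally cover C:\Build\Output2.
            if e_parts == t_parts[:len(e_parts)]:
                hits.append(entry)
    return hits


if __name__ == "__main__":
    suspect = r"c:\build\output\x64\payload.dll"  # constructed path
    print(suspect, "->", covering_exclusions(suspect, SAMPLE_EXCLUSIONS))
```

    An empty result means none of the supplied entries explains the missed detection, so move on to the remaining causes.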


    "Scan for risky software in addition to viruses" option not turned on in Ivanti Antivirus Settings


    Some malware that is not a traditional virus (e.g., spyware, FTP, IRC, remote control utilities, etc.) and is labeled "Risky Software" will not be scanned for and remediated if the "Scan for risky software in addition to viruses" option is not turned on in Ivanti Antivirus Settings.  To turn on this option, go to the Ivanti Antivirus Settings - General Tab and check the box next to this option.


    If these items are all checked and Ivanti Antivirus still fails to find malware, please submit the suspicious file(s) to Ivanti Support by following this article.