Antivirus clients not updating pattern files from the Internet

Version 12

    Verified Product Versions

    LANDESK Management Suite 2016.xLANDESK Endpoint Manager 2017.x

    Issue

     

    Clients are set to update the Antivirus pattern files from the internet, however, the updates are failing and updates are not coming from the internet.

     

    Either the updates are failing altogether, or the updates are going to the Core Server instead of the Internet.

    Cause

     

    There can be various reasons this can occur.

     

    Typically it is because the updated Antivirus Behavior has not been correctly applied at the client.

    Resolution

     

    • Verify the settings on the core server match the client Antivirus Behavior currently in use by the client
    • If necessary update the Antivirus Behavior on the client through a change settings task

     

    Further information:

     

    Verify the Ivanti Antivirus Settings on the core server:

     

    1. In the Ivanti Endpoint Manager Console, open the Agent Settings tool under the Configuration tool group and select the correct Antivirus behavior under Security Configurations - Ivanti Antivirus
    2. Select the Antivirus behavior that the affected clients are using and select "Edit".
    3. Go to the Update section of the setting
    4. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:

    CoreFirst.jpg

     

    Next, compare the settings the client has to the settings the core shows.

     

    This setting is shown in the following log file:

     

    LDAV.log

     

    The text within the log will look something like this:

    Tue, 07 Nov 2017 18:08:01 ---------- Initializing LANDESK Antivirus Service -------------------

    Tue, 07 Nov 2017 18:08:01

    Tue, 07 Nov 2017 18:08:01 Running on workstation, LANDESK system language: ENU

    Tue, 07 Nov 2017 18:08:01 Setting permission on HKLM\Software\LANDesk\ManagementSuite\WinClient\Antivirus...

    Tue, 07 Nov 2017 18:08:01 Setting permission on HKLM\Software\LANDesk\ManagementSuite\WinClient\Antivirus\License...

    Tue, 07 Nov 2017 18:08:01 Setting permission on HKLM\Software\LANDesk\ManagementSuite\WinClient\Antivirus\Patches...

    Tue, 07 Nov 2017 18:08:02 Loading behaviors...

    Tue, 07 Nov 2017 18:08:02 Successfully loaded behaviors

    Tue, 07 Nov 2017 18:08:02 Loading the settings: 2017-3_v528.3

    Tue, 07 Nov 2017 18:08:02 Loading settings for each component

    Tue, 07 Nov 2017 18:08:02 Loading update settings...

    Tue, 07 Nov 2017 18:08:02 pilot: false

    Tue, 07 Nov 2017 18:08:02 Download from core then internet

     

    If this setting does not match the setting within the GUI for the Ivanti Antivirus settings on the core server, a Change Settings task should be scheduled for the client.

     

    How to create a change settings task to change the Antivirus Settings

     

    1. In the Agent Settings tool within the Configuration tool group select the second icon and in the drop-down select "Change Settings"
      Changesettings.jpg
    2. Choose "Scheduled Task" or "Create a policy" and then select the Antivirus Settings that contain the correct "download from" option and select OK.
    3. This will create a Scheduled Task with the name you specified for the Change Settings task.
    4. You can now drag the target computers to this task and start it at the desired time.

     

    This can also be done on a per-client basis by going to the Run line on a client and typing "Vulscan /changesettings /showui".

     

    For further information regarding Standalone Antivirus Agent installations, see this article:

     

    http://community.landesk.com/support/docs/DOC-6829