Antivirus clients not updating pattern files from the Internet

Version 9

    Issue:

     

    Clients are set to update the Antivirus pattern files from the internet, however the updates are failing and updates are not coming from the internet.

     

    Either the updates are failing altogether, or the updates are going to the Core Server instead of the Internet.

     

    Cause:

     

    There can be various reasons this can occur.

     

    Typically it is because the updated Antivirus Behavior has not been correctly applied at the client.

     

    Resolution:

     

    • Verify the settings on the core server match the client Antivirus Behavior currently in use by the client
    • If necessary update the Antivirus Behavior on the client through a change settings task

     

    Further information:

     

    Verify the LANDesk Antivirus Settings on the core server:

     

    1. In the LANDesk Management Suite Console, open the Security Configurations tool and select the correct Antivirus behavior under All Security  Configurations - LANDesk Antivirus
    2. Select the Antivirus behavior that the affected clients are using and select "Edit".
    3. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:
    4. In the section "Schedule Virus Definition Updates" click on "Change Schedule"
    5. Set a time of day or a time range that you want the Virus Definition Updates to take place and click "Save"
    6. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:

    PatternFileSources.png

     

    Next compare the settings the client has with the settings the core shows.

     

    The Antivirus Behavior settings are stored on the client in one of the following directories depending on the operating system:

     

    AVBehavior_(X).xml located in:

     

    \Documents and Settings\All Users\Application Data\LANDeskAV (Windows 2000/XP/2003)

     

    or ProgramData\LANDeskAV (Windows Vista/2008/7)

     

    Within the AVBehavior_(X).xml file, the following lines indicate the pattern file download source:

     

     

    <Name>BasesDownloadOrder</Name>

    <Val>InternetOnly</Val>

     

    This setting along with all client pattern file update activity is stored in the following log file:

     

    AVService_Update.log

     

    The text within the log will look something like this:

    Wed, 11 Nov 2009 10:27:57 Update started
    Wed, 11 Nov 2009 10:27:57 Download from internet only

     

    If this setting does not match the setting within the GUI for the LANDesk Antivirus settings on the core server, a Change Settings task should be scheduled for the client.

     

     

    How to create a change settings task to change the Antivirus Settings

     

    1. Click the "Create a Task" in Security and Patch Manager and select "Change Settings"

    4-20-2009 10-00-07 AM.png

     

    2. Choose "Scheduled Task" or "Create a policy" and then select the Antivirus Settings that contain the "Download pilot version of definition files" option and click [OK].

    4-20-2009 10-01-01 AM.png

    3. This will create a Scheduled Task with the name you specified for the Change Settings task.

    4. You can now drag the target computers to this task and start it at the desired time.

     

    This can also be done on a per-client basis by going to the Run line on a client and typing "Vulscan /changesettings /showui".

     

    For further information regarding Standalone Antivirus Agent installations, see this article:

     

    http://community.landesk.com/support/docs/DOC-6829