How to use Ivanti Endpoint Security to protect the Ivanti client files and services

Version 15

    Verified Product Versions

    Endpoint Manager 9.6, Endpoint Manager 2016.x, Endpoint Manager 2017.x

    Ivanti Endpoint Security can be used to protect the Ivanti Client files and services.


    In its most basic protection mode, Ivanti EPS can protect against various forms of malware. Through file protection rules, it can also lock down directories and/or files to prevent tampering by the end user or by an outside attack.


    This article describes the best settings to use with EPS in its basic protection mode for this purpose.


    EPS is an excellent addition to any environment as an additional layer of protection against malware and various attacks.  It is to be used in addition to Antivirus software.


    Using Ivanti Endpoint Security to protect Ivanti Client Files and Services


    In its most basic protection mode, EPS protects critical portions of the registry and system files.


    In addition, file protection rules block various kinds of malicious activity:


    • Prevents modification of the Ivanti Client directories
    • Prevents modification of critical HIPS files
    • Prevents modification of the HOSTS file
    • Prevents usage of scripts (.SHB, .SHS, .VBE, etc.)
    • Prevents malicious use of FTP or TFTP
    • Prevents malicious scripts from being launched by MSN Messenger or Microsoft Outlook


    Use the following settings if you want to run EPS in its least intrusive and most basic protection mode:


    1. Open the Security and Compliance tool group within the LDMS console.
    2. Go to the Agent Settings tool.
    3. Find the Security --> Endpoint Security section under "My agent settings" or "All agent settings" in the left-hand pane.
    4. Highlight the "Endpoint Security" node on the left and then double-click the setting you wish to modify on the right.
    5. Configure the settings as seen below:
    6. In the "Digital Signatures" tab configure the settings as pictured below:

    7. Open the "Application Control" setting that is tied to the Endpoint Security setting and edit it.
    8. Uncheck everything on the "General Settings" page. On the same page, under "Action to take", select "Always Allow".
    9. Save the configuration.

    If violations are detected, they are logged and can be viewed within the Security activity tool.