Do you have any spyware set to autofix? If so maybe try turning off the autofix for those spyware definition. Also you might want to check your patch download settings. By default I believe LANDesk sets spyware of a medium severity or higher to autofix. This can be configured on the Spyware tab of the download updates window. If nothing is autofixing then nothing should be automatically repairing itself. If that's the case then I would point more towards anti-virus being the issue.
Let me know if you think anything with that.
You have a few options when it comes to Spyware.
In the agent configuration, under Security and Patch Scan - Spyware, you can turn off the option that says "Enable real-time spyware blocking".
Also, you can set the default Scan and Repair setting that the agent uses to not scan for Spyware.
Under the "Scan" table for the scan and repair setting, there is the radio button "type" and then the types of definitions to scan for.
Uncheck the option for "Spyware".
You can also choose not to select the "Windows Spyware" when downloading updates and move any existing spyware definitions to the "Do Not Scan" group.
1 of 1 people found this helpful
If antispyware blocked it, it'll be in your security & patch manager > detected folder (set type to spyware to filter).
If antivirus blocked it, it'll be in a different window. Security & patch manager, click the yellow shield icon and go to activity by host.
A third possibility is that your application was blocked by an agent configuration setting (user clicked no at the "are you sure you wanted to do that thing you just did?" dialog). That doesn't log to the core at all.
That's the funny thing, too. I looked in the spyware filter and saw several identified objects, but nothing was identified as the file that is being removed from our software. I also went into the "yellow shield" and saw a few instances of the file being caught by antivirus and quarantined. So, I guess this would mean that antivirus is the culprit. But I only saw a few times where it caught the software when I know it has caught it several other times as well. Where would those quarantines have gone?
I am playing around with the same settings right now. One thing you should check on your AV Settings, is if you have "Scan for Risky Software" enabled. I had this on for my developers, and it found and quarentined alot of apps like Real VNC etc.
Just a thought, other then that, the above Scan and Repair stuff mentioned by others is your best bet.
When we rolled out LDAV, we also saw a few apps that got quarantined that should not have, and we simply told our agents to not look at that file, and they were fixed. You need to do this for both real time and scheduled scans. We ended up with 3 apps that were ingnored, and then we have not seen other issues.