As you are likely aware, LANDesk Antivirus uses the Kaspersky Antivirus engine. The pattern files are downloaded from Kaspersky.
The following Kaspersky website contains pattern release information, etc.
On the kaspersky website they list four releases after 04:00h (at 05:42, 08:41, 12:22 and 15:10).
Although our core did not receive new patterns, when the update download task runs at 16:00h, 15:00, 14:00, and so on. For example we received the last pattern update at 04:06h today (11.5.11).
I wonder why our schechuled task running every hour just downloads new patterns every four to six hours, althoug there a much more releases by kaspersky.
From what I see in the logs from the download taks on the core downloads pattern files from patch.landesk.com and not directly from kaspersky ( path: core-host\LDlog\vaminer.log).
Could you give me a hint, where i can check the right download log for pattern download from kaspersky.
What version of LANDesk Antivirus are you on?
VAMINER.LOG is the correct log file to look at for the download activity.
We are on version 220.127.116.11 Patchlevel LD90-SP2-MCP_CORE-2011-0324
there might be a credential problem in reading the kaspersky download location out of configuration. Instead of direct download using patchemea.landeks.com as fallback?
Our Log for \vaminer.details.log:
05/09/2011 10:00:03 INFO 3860:1 : -------------------------------------VAMiner Started. --------------------------------------
05/09/2011 10:00:03 INFO 3860:1 : Commandline arguments:
05/09/2011 10:00:03 INFO 3860:1 : /TASKID=1336
05/09/2011 10:00:04 INFO 3860:1 : Current language: DEU
05/09/2011 10:00:04 INFO 3860:1 : Using culture info: de-DE
05/09/2011 10:00:04 INFO 3860:1 : Error: Unable to find user 'OURDOMAIN\SYSTEM' in the ConsoleUser table.
05/09/2011 10:00:12 INFO 3860:1 : ------------------- Update process started --------------------
05/09/2011 10:00:12 INFO 3860:LoadingPatchSources : Error: Unable to find user 'OURDOMAIN\SYSTEM' in the ConsoleUser table.
05/09/2011 10:00:18 INFO 3860:1 : Zugriff auf Site Europa wird geprüft (https://patchemea.landesk.com)
There is another log that gives the details for the actual pattern file download process, I had forgotten to mention it.
\Program Files (x86)\landesk\ManagementSuite\log\GetBases.exe.log
There should be a line in there that says "Set to download from Kaspersky site" if it is downloading from Kaspersky.
in the log GetBases.exe.log
there is a line in there that says "Set to download from Kaspersky site".
But in the log there is no update for hours, thats strange compared to the official kaspersky site (http://www.kaspersky.com/viruswatch3) saying there were three regular releases published at 12:22h; 15:10 and 17:22.
Why is there such a lag in time before an update is processed in landesk? Obviously the user of landesk antivirus do not get all regular updates in the moment.
Wed, 11 May 2011 11:01:10 All files are up-to-date.(10)
Wed, 11 May 2011 12:01:11 All files are up-to-date.(10)
Wed, 11 May 2011 13:00:56 All files are up-to-date.(10)
Wed, 11 May 2011 14:00:49 All files are up-to-date.(10)
Wed, 11 May 2011 15:00:53 All files are up-to-date.(10)
Wed, 11 May 2011 16:02:20 All files are up-to-date.(10)
Wed, 11 May 2011 17:01:15 All files are up-to-date.(10)
Wed, 11 May 2011 18:01:45 All files are up-to-date.(10)
We are working with kaspersky to determine why there is a difference in the times shown.
1 of 1 people found this helpful
I am unable to talk specifically to the Getbases log, but in terms of how the Viruswatch times work. Here is what Kaspersky has told us.
The Viruswatch website time are in in Moscow local time. They do not adjust to the timezone of the local Computer.
The times that are shown in the Landesk Console are in GMT.
There will be a difference in minutes because there is a verification process that the pattern files goes through before they are made public. The Viruswatch website does not adjust for that process.