That should read LANDesk 9.5 SP1 with the vulscan patch applied, not just 9.5
Also I just double checked and according to the registry it's using the correct number policy to scan once a week at noon, I'd started it on Saturday
•DWORD Value: KLBehavior
I can find no XML file on XP in the location specified in the allusers folder defining behaviour.
Wrong area for help? Sorry if I posed in the wrong forum or thread. !http://community.landesk.com/support/images/emoticons/confused.gif|___jive_emoticon_name=confused|jivemacro=emoticon|class=jive_macro jive_emote|src=http://community.landesk.com/support/images/emoticons/confused.gif!
Ok so I found the KLbehaviour_vXXX.XML on the machine, as well as others, and they refer back to the set behaviour built to scan once a week that "did" work perfectly well before going to 9.5....this gets more confusing all the time.
At the same time I had deployed to a few machines that were chosen to not ever run a scan and the machine I checked seemed to be working fine, it wasn't running the scan repeatedly, and in the about it stated a scan was not scheduled (as it should) and it's updating daily as defined.
My bad - I now noiticed I pasted the wrong job (buit it was in the original attachment)
2: C:\Program Files\LANDesk\LDClient\antivirus\ldav.exe /scancomputer /AVSche
handle : 893747
start : Tue Jul 16 19:09:54 2013
frequency : 604800 <-- 1 week
Thanks for everyones assistance!
Hey RogerHolmes have you had any luck working this out?
I am experiencing the same problem but only on servers - on one has reported slow workstations at this stage.
The scan was running again as soon as it stopped before applying SP1.
Odd thing is it doesn't affect all servers - but it does bring them to a grinding halt on the ones it does.
The only luck I ever had was to change the schedule to no scanning (and even at that it still does a critical scan once in a while - it would be nice if LANDesk would communicate with the third party they get their AV from to find these solutions).. After having the PC's scanned many many times over several days I'm going with real time protection until some sort of a solution can be found. I plan on testing the import of schedules from settings on a PC I have set up to have the settings tab available, but for the general user I don't have this available.
I have one other issue where if I leave Update Program Modules enabled the program takes an update and the license goes bad and the AV shuts down on a reboot. The solution from LANDesk is to disable the Update Program Modules - and yes, it does stop the problem but it's not a fix and according to what I was told a "hotfix" was being worked on to resolve this.
The servers are running different AV software and that's not my department but thank goodness we aren't having that issue with the servers also!
Don't get me wrong LANDesk has a great product but having solutions in a timely manner other than turning off features that are supposed to work would be nice - I realize the AV is a third party but it's their choice so it would be nice if they got this sorted with their choice of AV provider.
I have had to revert to the same essentially.
I've kept realtime off all along as they are servers so not being able to perform scheduled scans either isn't a good position for us, as we have recently found users with malware in their roaming profiles.
I agree it is disappointing this issue hasn't been resolved, it is a big thing for us.
Fortunatly I haven't had a single licensing error with LDAV since we implemented it only a short time ago, I hope it stays that way.
I have been informed that LANDesk is working on a patch, I have shot an email off to our account manager this evening to find out when to expect the release of the fix; if you haven't done so I might suggest that to you.
All the best.
1 of 1 people found this helpful
The AV scans running multiple times in a day on the computer is a bug that we are working on a patch for. Open a supprt case with LANDesk to get added to the bug. As a workaround, uncheck the AV scan option in the AV settings and schedule the AV scan through the LANDesk Console.
Thanks for that tidbit. How about I just add it to the already open case asking to be advised with THIS patch is done that I get advised as well as the hotfix (or bugfix if you prefer) regarding the AV turning itself off (as a side note I don't recall any Windows XP machine disabling itself, all the ones that took the update that disabled the AV were Windows 7 machines) however after this PC refresh I should no longer have any XP machines on the network.
There were no settings in the AV scan option (I assume you were talking PC and I don't give the users the options to change settings, so they don't have the settings tab we want to control them) there was only a policy on the network that the PC's scan once a week via this policy. I made a new policy for no scans and this stopped the multiple scans once the PC took the policy update. The REAL pain was the AV disabling itself as I had it 1/2 deployed when the bug was discovered and once it took the update you had to reinstall and that requires 2 reboots and for many users that's a pain as they have to "open all them windows again"
Did you find some particular conditions when this issue happends? Or it happends on each client with LDAV?
For me it happened with each client - I even deleted the LANDesk LocalScheduler job to see if it was an issue. It seemed that the policy that was there and working perfectly before the update to LD9 SP1 was the policy in place and causing the issue as it was not untill I changed the PC's to a "No scan" policy that the issue "pretty much" (the PC's still do occasional Critical area scans) stopped.
The multiple AV scans issue will happen on all agents after the Core Server is upgraded to 9.5 SP1 and that have the AV scan selected in the AV settings.
There weren't any conditions in my case. It was basically 1 group of servers doing it before SP1, then a different group after. I tried updating the AV and installing the patch as I mentioned earlier but that only seemed to make it worse at my end.
Here are the details of the cause of the issue.
The issue is that when Vulcan runs it would check the AV tasks in the Local Scheduler. There was code that would cause it to delay 2 hours that was meant to be for only during Antivirus install. However, the bug caused it to re-write the AV tasks for 2 hours later every time Vulscan ran or AV initialized. This caused the update task or scan task to run every 2 hours on average.
For example, if Vulscan ran and the AV tasks were scheduled for 2 hours later and then if during those 2 hours vulscan ran again or AV was initialized again it would be pushed out another 2 hours.
A fix has been identified and should be included in the next component patch for LDMS 9.5 SP1.
So in the meantime we are to not scan PC's or servers on a schedule. What sort of a timeline is there for a fix for this as I'm sure not everyone has time to go to all their PC's or servers and manually scan them.
Thanks for your help BTW - I'd click correct answer but I really have no way of being certain it is the correct answer. It certainly seems right and sounds reasonable but you would wonder why the bug got there in the first place assuming this was tested before it was released.
I'm not trying to be a pain but of course I start delivering this and on the machines I tested the issue didn't seem to be there (however on a fresh load on a new PC the scan isn't that noticable, it was users with tons of "stuff" that brought the multiple scans to my attention). So in their view the issue was caused by us as it worked fine before the upgrade.
LANDesk has released (today), a MCP that resolve this issue.
You can find more info, here: http://community.landesk.com/support/docs/DOC-27264 under the LANDesk 9.5 Service Pack 1 > LD95-SP1-CP_BASE-2013-0813 Section.