Here is what I recommend:
- Set your critical areas scan to run daily.
- Set your full scan to run weekly.
- Set your Antivirus definitions to update every 4 hours on the core server.
- Set your Antivirus definitions to update once a day on your clients.
Here are the steps I would recommend:
Within your LANDesk Antivirus settings, go to the "Scheduled Tasks" section.
You will have 3 options for setting a schedule.
- Update - This updates the antivirus pattern files
a. Set the time you want it to run
b. Repeat after: 1 day
c. Important: Set a time range you want it to run in. If you don't, if it misses it's time, it will reschedule itself for the next time the computer logs in, and it will use that new time from there on.Full Scan
- Critical Areas Scan—scans computer memory, startup objects and disk boot sectors
Basically set this with the same settings as the pattern file update, but you want it to run AFTER the pattern file update (to take advantage of the very latest definitions)
- Full Scan—full scan of the computer, except for network drives and e-mail data files (the Computer scan scope)
I don't know if it is a difference in version number...I am on 9.0 SP3.
But I don't see anything relating to those kind of specific options.
Are the steps you are recommending on the agent config or the LD AV settings itself? Screenshots would be very helpful if you can provide them.
I don't see options for being more specific with updating pattern files or differentiating between critical areas scan and full scan.
David is talking about the Antivirus settings on your Core server. Then it will depend on your version, Dave is referring to 9.5 & 9.5 SP1, that works with Kaspersky Endpoint Security 8 and version 10.1/10.2.
Appears that way. So any tips for us still on 9.0?
What I've found best for your situation (I had the same issues) is to set the available options as close as possible in 9.0 to what LANDesk is reccomending and creating queries and scheduled tasks for the rest of it.
I have 5 different queries running hourly to pickup machines that fall under mulitple categories. Below is an example of what I've setup for one of them.
Here's a screenshot of my query for machines that have definitions within the last 24 hours but missed their weekly scan (hasn't run within the last 7 days):
Something you should remember is that you can use SQL query commands inside the queries to get verify specific criteria.
For this specific query, I have a task created to update definitions (using the current agent's configuration) and then run a scan (using the current agent's configuration). I have it targeting the above query.
I have 3 seperate copies of this scheduled task due to how long the scans take to run (on average). I have one set at 9am, 12pm, and 3pm. All of these tasks are scheduled to run daily at their specified time.
To make sure my queries are up to date, I have a task scheduled to run an Inventory Scan on each machine in the queries every hour.
I had similar issues on 9.0. and other issues on 9.5 base. It has been very stable on 9.5 sp2 except for a patchable issue on mcp0417. I recommend moving toward 9.5.
Just a quick info on this:
LANDESK changed the Kaspersky Engine with 9.5 SP1 from 8 to 10 and there were a lot of major changes!
I would recommend everybody who is using AV that they should update to the latest version, as the KAV Engine is much more stable and configurable as the old one was.