7 Replies Latest reply on Dec 13, 2016 12:54 PM by phoffmann

    LDAV Definition Files changelog

    kbrooks Apprentice

Is there a way to view the change-log for LDAV Definition File updates? The reason I am asking is this past Thursday (11/10), we started seeing a number of hits on the 'Ask Toolbar' MSI. These were mostly on old systems that may have had the MSI downloaded at some point (more than likely as part of a Java upgrade). It would be good to know if this was added to the detection list and that is why we are suddenly seeing these old files come in (systems had been scanned in the past). We can make assumptions, but that does not work for executives asking about it.


      Thank you,


      ~Kevin

        • 1. Re: LDAV Definition Files changelog
          michael.odriscoll SupportEmployee

          Hi Kevin,


          Thanks for posting to the Community.


          Were you able to find any information on this? If you think something might help somebody else, please share with us here.


          Michael

          • 2. Re: LDAV Definition Files changelog
            kbrooks Apprentice

            Hi Michael,


            I have not heard anything regarding this nor was I able to find anything as of yet. I am going to be pursuing Kaspersky to see if they may have this information somewhere. I'll post here if I find anything.


            ~Kevin

            • 3. Re: LDAV Definition Files changelog
              phoffmann SupportEmployee

              Are you talking about updates to the LDAV definitions / files on the CLIENT or on the Core?


Core-content updates will usually go into the VAMINER log (go into the VAMINER.DETAILS log for more information).


Client-side ... there are various update logs that you can find under - C:\ProgramData\LANDeskAV\


              Is that what you're after?

              • 4. Re: LDAV Definition Files changelog
                kbrooks Apprentice

                What I am actually looking for is a changelog for the definition updates, not the software updates.

                • 5. Re: LDAV Definition Files changelog
                  phoffmann SupportEmployee

                  That response doesn't help specify what you're actually after sadly.


The DEFINITIONS download is covered in the VAMINER logs, as I've pointed out. So new / changed content that's downloaded would be listed there.


                  If you're talking about a separate log for changes to existing content - so "vulnerability X has been set to 'do not scan' but has been changed to 'do scan' by Bob" - then by default, we do NOT log that, but you can track that via auditing.

[image: Auditing_Patch_Content.jpg]


                  Don't know about auditing / how to enable it? Check here - How To: Enable Auditing for a User


                  ... if this doesn't answer your question, please give a concrete example of what you're after.


                  Hope this helps.
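The reply above points at the client-side update logs under C:\ProgramData\LANDeskAV\ as the place to look for what was downloaded. A practical way to use that for the kind of question in the original post (did a definition update land right before a wave of 'Ask Toolbar' hits?) is to list which files in that folder changed in a date window and grep the text logs for a keyword. The script below is an added example, not from this thread or from LANDESK/Ivanti; it assumes only the folder path named in the reply. The log line format is not documented here, so the script does a plain-text keyword search rather than parsing a known format; the keywords, the date window and the .log/.txt extensions are assumptions to adjust.

```powershell
# Added example: correlate a detection wave with definition-update activity by
# looking at the client-side LDAV log folder in a date window.
# Assumptions (not from the thread): log files are plain text with .log/.txt
# extensions; the keywords and dates below are placeholders for your own case.
param(
    [string]$LogRoot   = 'C:\ProgramData\LANDeskAV',           # path from the reply above
    [datetime]$Start   = '2016-11-09',                         # day before the first hits
    [datetime]$End     = '2016-11-11',                         # inclusive end of the window
    [string[]]$Keywords = @('Ask', 'Toolbar', 'update', 'base') # assumed search terms
)

# 1. Everything under the folder that was written inside the window. The
#    timestamps tell you whether new definition/base files landed just before
#    the scans started flagging old files.
$changed = Get-ChildItem -Path $LogRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Start -and $_.LastWriteTime -lt $End.AddDays(1) } |
    Sort-Object LastWriteTime

Write-Host "Files written between $Start and $End under $LogRoot"
$changed | Select-Object LastWriteTime, Length, FullName | Format-Table -AutoSize

# 2. Keyword search over the text logs in that set. Each hit carries file name
#    and line number, so the output can go straight into an incident note as
#    evidence rather than an assumption.
$pattern = ($Keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'
$changed |
    Where-Object { $_.Extension -in '.log', '.txt' } |
    Select-String -Pattern $pattern -CaseSensitive:$false |
    Select-Object Filename, LineNumber, Line |
    Format-Table -AutoSize -Wrap
```

Run it on one of the machines that reported a hit, with the window set to the day before and after the first detection. A definition or base file written shortly before the detections, together with log lines naming the update, is the kind of evidence that answers the "why now?" question for management without guessing.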

                  • 6. Re: LDAV Definition Files changelog
                    kbrooks Apprentice

                    Maybe this will help....


                    What's New - Microsoft Malware Protection Technologies


Just like Microsoft is doing, I would like to know what new threats were added to the virus definition files, and maybe some information regarding those threats. For example, say a virus threat called 'Rocker' gets released in the news, and executives want to know if we are protected against that... I'd like to pull up the definitions changelogs and be able to say yes... we have been scanning for the 'Rocker' threat since 11/30/16.


Or, as in what happened to us in production, the definitions pushed out on 12/5/16 caused a number of false positives, so I'd like to go into that changelog and find out what it is scanning for now that is generating the false positives, so that I can put in an exception if it is a known false positive on our end. Does this make more sense now?

                    • 7. Re: LDAV Definition Files changelog
                      phoffmann SupportEmployee

                      Right - now I'm with you.


OK - potentially doable ... my concern would be around "killing you with kindness / spam" - AV definitions update as frequently as 15-minute intervals.


We have our regular patch content update newsletter type thing ... ehh - lemme find it ... something like this - - LANDESK Patch News Bulletin: Patch Manager Content is Available for Upgrading from Windows 10 RTM to Windows 10 Version … - pretty much 90% of the stuff this gentleman posts - XLANDMark - is related to patch content and so on.


So ... we could probably come up with something like that. I'm not sure how much the existing logs will help - you'd see updates to various KAV base files, but that doesn't translate into "we've changed definitions for naughty software X / added detection for evil software Y" and so on (again, those things have MASSIVE turnover, even on a daily basis).


So the way forward here would be by and large via an enhancement request in this case. Or you can trawl through Kaspersky's website (I had a quick peek, but am shattered atm and didn't see anything obvious to an "update history" type link) ... may involve more than 10 seconds of looking around - possible they already have something like that (wouldn't be unreasonable) - have a peek for yourself (since you're probably more awake than me atm).


Otherwise, the ER portal can be found here -- Enhancement Requests - to make life easier.