2 Replies Latest reply on Mar 24, 2010 9:22 AM by JonKeo

    How do you configure your regular spyware scan?


      Greetings, fellow Landesk admins!


      My employer has Landesk 8.8 SP3 and we have started to enforce regular spyware scans. I would like to share my settings and user feedback to solicit comments/advice from my Landesk admin peers in this forum.


      The Landesk population in my company is largely composed of laptops which frequently move in and out of my internal network. So, policy-based tasks and ldbroker configuration have been utilized. I have created a specific scan and repair setting for spyware type and enabled autofix. A security scan is created using this spyware scan-repair with a push-policy deployment method (with required and periodic settings). I've allowed a generous amount of snoozes to allow users to delay the scan towards the end of the day. Reboots can also be snoozed for a few more hours. Missed snooze requests are automatically snoozed. At the end of the snooze limit, scans/reboots automatically execute.


      I have also updated my Landesk clients to the latest service pack as well as the latest hotfix/patch for spyware scanner version (as well as some beta patches to address scanning failures).


      Here is some of the user feedback that I've collected as a result of the recently enforced spyware scanning.


      1. computing performance degradation - spyware scanning appears to target the entire filesystem during which time the disk utilization is very high despite low processor usage. When users choose to run the scan while working on other tasks, they become unhappy with the slow response.
      2. snooze is good but could be better - the snoozes can delay the task to temporarily get it out of the way of the busy user. However, my users would like the additional flexibility to snooze it for max of X hours, i.e., schedule it to run on their own schedule, as well as being able to recall the task in case they change their mind. I am tempted to write and deploy an hta script that creates the task and inserts it into the Landesk scheduler as well as create a shortcut to run the scheduled item.
      3. policy-based tasks can get messy - The core status for the device and the device's local client database sometimes get out of sync. When I remove devices from a policy-based task (to remove devices that have reported spyware scanner failures), the same devices can re-enroll themselves back into the task. The alternative is a pure push task but my external Landesk clients will not receive the task to process it so the net effect is lower. I've written the usual fix, i.e., clientdb deletion/recreation/validation, deletion of xml files, and running policy sync and invoker, into a vbscript so that my helpdesk can execute the troubleshooting steps precisely and swiftly.


      Do you run regular spyware scans? How have you configured your spyware scan such that user acceptance is better than my description?


      Thank you in advance for the comments and advice.

        • 1. Re: How do you configure your regular spyware scan?



          This is a very good configuration and gives some workarounds that I'm going to steal when talking to other customers. It really shows the flexibility of our product when in the hands of a determined user.


          A suggestion I would add is that on the Snooze screen I would add a comment that they need to let the scan run its course. This scan does a full system scan, so it's going to take up a lot of the system resources.


          Also, you might look at how often you have set the periodic interval. If you have the Realtime Spyware enabled, this is definitely something that you don't need to have running every day. I would do once a week; that will keep your definitions up to date and will catch anything that somehow made it past the realtime scan. Of course, this is dependent on your environment; the nature of the business and your end users' computer usage might require the scan running every day.

          1 of 1 people found this helpful
          • 2. Re: How do you configure your regular spyware scan?



            Our configuration is not nearly as complex as yours. We simply set up a full disk scan for Saturday evenings. As you can imagine, some users have their workstations turned off or laptops are unavailable for the scheduled task to run. We try and target those users during departmental meetings or other times when their machines are forced to remain on due to other maintenance.


            I would like to see more features and control provided for the malware configuration in future versions.