This article details the troubleshooting steps for LANDESK Antivirus. For high-level training, it is highly recommended to go through the relevant areas of KL 102.10: Kaspersky Endpoint Security and Management.
LANDESK Antivirus Installation
Three different methods can be used to install LANDESK Antivirus on a client.
Installed as part of the Agent installation
- Select LANDESK Antivirus component within the Agent Configuration - Start - Agent Components to Install section.
- Configure desired settings within the Agent Configuration - Security and Compliance - LANDESK Antivirus section.
Installed through an Install/Update Security Components task
- Open the Agent Settings tool within the LDMS console.
- Select the Create a Task dropdown and select Install/Update Security Components.
- Select the desired Task Type, select the LANDESK Antivirus components to install, and select the desired Task Options and reboot options (controlled through Scan and Repair Settings).
Note: If experiencing installation issues, you can select the box "Troubleshoot LANDESK Antivirus installation using interactive mode" to run an Antivirus installation with a full UI available.
Run "vulscan /installav" from the command line of a client computer
If experiencing installation issues, add the command line options "/interactive" and "/showui" ("vulscan /installav /interactive /showui").
Installation log files
| Log Filename | Purpose | Location |
|---|---|---|
| ldav_install.log | Logs installation activity controlled by LDAV.EXE | %appdata%\LANDESKAV |
| msi_install.log | Logs installation of Kaspersky Endpoint Security .MSI | %appdata%\LANDESKAV |
| installav.log (or installav#.log) | Logs installation activity controlled by Vulscan.exe | %appdata%\vulscan |
| KESPatchMSI.log, KESPatch.log | Logs installation of all Kaspersky patches applied | %appdata%\Kaspersky Lab |
| KL*.log, Ucaevents.log | Logs installation of Kaspersky | C:\Windows\Temp or %Temp% |
Installation troubleshooting tips
To easily open the log file directories, at the client "Run" line type "vulscan e" to open the %appdata%\vulscan directory or "vulscan av" to open the %appdata%\LANDESKAV folder.
Most installation failures will be logged within the MSI_INSTALL.LOG or in the KL*.log. Installation activity is also recorded to the Security Activity tool within the LDMS console.
Installation requires a reboot if installing over an older version of LANDESK Antivirus or removing another 3rd party Antivirus.
In addition it will require another reboot after the latest critical updates have been applied as part of updating the pattern files.
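The following added example (not part of the original article, and not LANDESK or Kaspersky code) shows one way to triage msi_install.log. It assumes the file is a standard Windows Installer log, in which a failed action ends with "Return value 3"; the sample lines are constructed and the custom action name in them is hypothetical.

```powershell
# Added example (not LANDESK or Kaspersky code). Assumption: msi_install.log is a
# standard Windows Installer log, in which a failed action ends with "Return value 3".
function Find-MsiFailure {
    param([string[]]$Lines, [int]$Context = 2)

    $failures = @(for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match '^Action ended [\d:]+: (?<action>\S+)\. Return value 3\.') {
            $first = [Math]::Max(0, $i - $Context)
            [pscustomobject]@{
                LineNumber = $i + 1
                Action     = $Matches['action']
                Context    = $Lines[$first..$i] -join "`n"
            }
        }
    })

    # msiexec logs its overall result as "MainEngineThread is returning <code>".
    $last = $Lines | Select-String -Pattern 'MainEngineThread is returning (\d+)' |
            Select-Object -Last 1
    [pscustomobject]@{
        ExitCode  = if ($last) { [int]$last.Matches[0].Groups[1].Value } else { $null }
        RootCause = $failures | Select-Object -First 1   # earliest failing action
        Failures  = $failures
    }
}

# Constructed sample lines; the custom action name is hypothetical.
$sample = @(
    'Action start 10:15:30: CheckIncompatibleSoftware.'
    'CustomAction CheckIncompatibleSoftware returned actual error code 1603'
    'Action ended 10:15:31: CheckIncompatibleSoftware. Return value 3.'
    'Action ended 10:15:31: INSTALL. Return value 3.'
    'MSI (s) (5C:10) [10:15:31:480]: MainEngineThread is returning 1603'
)
$report = Find-MsiFailure -Lines $sample
$report.RootCause | Format-List
"msiexec exit code: $($report.ExitCode)"

# On a client, read the real file instead of the sample, for example:
#   Find-MsiFailure -Lines (Get-Content 'C:\ProgramData\LANDESKAV\msi_install.log')
```

The first "Return value 3" entry is usually the action that actually failed; later entries (such as INSTALL) are the failure propagating upward.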
Possible Installation issues
- Insufficient Memory - Install failures due to insufficient memory requirements are viewable in the Security Activity Tool in the LDMS console and in the MSI_Install.log file
See Kaspersky Endpoint Security 10 for Windows (for workstations)
- Conflicting 3rd Party Software
During installation, LANDESK Antivirus will detect the presence of incompatible 3rd-party software. LANDESK Antivirus utilizes the Kaspersky Cleaner utility in addition to the existing removal capabilities of LDAVHLPR.DLL. If conflicting software is found during the LANDESK Antivirus installation, one of two events will occur:
- Conflicting software will be automatically removed - List of applications incompatible with Kaspersky Endpoint Security 10 for Windows
- Installation will fail - Install failures due to incompatible software are viewable in the MSI_Install.log file or KL*.log.
Uninstalling LANDESK Antivirus
The following methods can be used to uninstall LANDESK Antivirus:
- Schedule a "Remove Security Components" task from within the Security Activity tool in the LANDESK Console. Select "LANDESK Antivirus" as a component to remove.
- Run "vulscan /removeav" from the client command line
Note: When attempting to remove and reinstall LANDESK Antivirus, an uninstall must be performed and then an install performed. Reinstalling over the top does not remove and reinstall the .MSI; it simply performs the LANDESK-specific actions controlled by vulscan.exe and LDAV.EXE.
Product Activation
How to troubleshoot LANDESK Antivirus license issues
Directories
- C:\ProgramData\LANDESKAV - Main directory for LANDESK Antivirus log files
- C:\ProgramData\Kaspersky Labs - Directory for Kaspersky trace files
- C:\Program Files\landesk\ldclient\antivirus - Main directory for LANDESK Antivirus service
- C:\Program Files\landesk\ldclient\antivirus\install - Used to install LANDESK Antivirus and rebrand Kaspersky Endpoint Security
- C:\Program Files\landesk\ldclient\antivirus\temp_bases8 - Used to update pattern files
- C:\Program Files\landesk\ldclient\antivirus\kav - Kaspersky Endpoint Security files
- C:\ProgramData\Kaspersky Lab\KES10\Bases - Pattern files directory for Kaspersky Endpoint Security 8.
- C:\Program Files\LANDESK\LDClient\Antivirus\KAV\Patches - Directory where Kaspersky patches are stored. Look here to see if patches have been downloaded.
Files
| Filename | Purpose | Location |
|---|---|---|
| LDAV.exe | LANDESK Antivirus Service | LDClient\Antivirus |
| LDAV.key | License file for LANDESK Antivirus | LDClient\Antivirus |
Registry Keys
| Key Name | Purpose |
|---|---|
| HKLM\Software\KasperskyLab | Kaspersky Antivirus Settings |
| HKLM\Software\LANDESK\ManagementSuite\WinClient\Antivirus | Configuration Information, Last Scan Dates, Status Information |
| HKLM\Software\LANDESK\ManagementSuite\WinClient\Antivirus\License | License details |
| HKLM\Software\LANDESK\ManagementSuite\WinClient\Vulscan\klbehavior | Current assigned LANDESK Antivirus settings |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\976DD27DCE3AFCF4FAFA212E5542056B\Patches | Currently installed patches |
Settings
The LANDESK Antivirus scanner, as with the LANDESK Security vulnerability scanner, uses an XML file to configure its behavior.
Antivirus Settings files are stored in C:\ProgramData\Vulscan\KLBehavior_<id>.xml
The following registry key value indicates the ID of the AV behavior being used:
- Key: HKLM\Software\LANDESK\ManagementSuite\WinClient\Vulscan
- DWORD Value: KLBehavior
Antivirus Settings XML files can be updated using a Scheduled Task on the core, or they can be updated automatically according to the same schedule that vulscan uses to update its own Agent Behaviors. To refresh settings, create a Change Settings task on the Core Server: select the "Create a Task" dropdown in Patch Manager, select "Change Settings", and then create a schedule. Alternatively, "vulscan /changesettings" can be run from the client command line. (Add /showui to the command to view the UI while it is running.)
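The following added example (not part of the original article) resolves which settings file a client is actually using, from the registry value and file pattern given above. Checking the WOW6432Node registry view and treating the ID as a decimal number in the file name are assumptions.

```powershell
# Added example: resolve the active LANDESK Antivirus settings file on a client.
# Key, value name and file pattern come from the article above.
$VulscanKeys = @(
    'HKLM:\Software\LANDESK\ManagementSuite\WinClient\Vulscan'
    # Assumption: a 32-bit agent on 64-bit Windows writes to this registry view.
    'HKLM:\Software\WOW6432Node\LANDESK\ManagementSuite\WinClient\Vulscan'
)

function Get-KLBehaviorFile {
    param([string[]]$Keys = $VulscanKeys,
          [string]$SettingsDir = 'C:\ProgramData\Vulscan')

    foreach ($key in $Keys) {
        $props = Get-ItemProperty -Path $key -Name 'KLBehavior' -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }

        # Assumption: the ID appears in the file name as a decimal number.
        $id   = [int]$props.KLBehavior
        $file = Join-Path $SettingsDir ('KLBehavior_{0}.xml' -f $id)
        $item = Get-Item -LiteralPath $file -ErrorAction SilentlyContinue

        # Check that the file named by the registry value exists and parses as XML.
        $wellFormed = $false
        if ($item) {
            try { $null = [xml](Get-Content -LiteralPath $file -Raw); $wellFormed = $true }
            catch { $wellFormed = $false }
        }

        return [pscustomobject]@{
            RegistryKey  = $key
            BehaviorId   = $id
            SettingsFile = $file
            Exists       = [bool]$item
            WellFormed   = $wellFormed
            LastWritten  = if ($item) { $item.LastWriteTime } else { $null }
        }
    }
    Write-Warning 'KLBehavior value not found under the Vulscan key.'
}

Get-KLBehaviorFile | Format-List
```

If the file is missing or its LastWritten time is older than expected, "vulscan /changesettings" as described above refreshes it.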
Settings that cannot be configured through LANDESK Management Suite
Currently, not all settings available within the client-side LANDESK Antivirus GUI (Kaspersky Endpoint Security 10) can be configured using LANDESK Management Suite. To use settings that are not available within the LANDESK Antivirus Settings in the LANDESK Management Suite Console, follow the steps outlined in the following document:
How to import Kaspersky Agent settings to the LDMS Agent settings on the Core
Tasks
Scheduled tasks for Update, Full Scan, and Critical Areas scan are created via LANDESK Local Scheduled Tasks; no task is created within LANDESK Antivirus itself. As a result, the tasks within the Client UI will show "Manually".
To view the LANDESK Local Scheduled tasks, run "LocalSch.exe /tasks | more" from the LDCLIENT directory.
Task 7 runs LDAV.EXE /UPDATE /update - Antivirus pattern file updates (Recommended update frequency is daily, before the daily scan)
Task 8 runs LDAV.EXE /UPDATE /AVScheduledScanType=0 - Critical Areas Scan (Recommended scan frequency is daily, after pattern files have been updated)
Task 9 runs LDAV.EXE /UPDATE /AVScheduledScanType=1 - Full System Scan (Recommended scan frequency is weekly)
Gathering logging information for LANDESK support
Standard Log Files
Windows XP/2003
- C:\Documents and Settings\All Users\Application Data\LANDESKAV\*.log
- C:\Documents and Settings\All Users\Application Data\vulscan\installav*.log
- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\*.log
- C:\Windows\Temp\KL*.log
Windows 7 and later
- C:\ProgramData\LANDESKAV\*.log
- C:\ProgramData\LANDESK\Log\*.log
- C:\ProgramData\vulscan\installav*.log
- C:\ProgramData\Kaspersky Lab\*.log
- C:\Windows\Temp\KL*.log, %TEMP%\KL*.log
- C:\Windows\Temp\Ucaevents.log, %TEMP%\Ucaevents.log
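The following added example (not part of the original article) stages the "Windows 7 and later" log files listed above and compresses them for a support case. The output folder and archive name are hypothetical; Compress-Archive requires PowerShell 5 or later, and reading C:\Windows\Temp requires an elevated session.

```powershell
# Added example: collect the standard log files listed above into one ZIP.
# Assumption: output folder and archive name are hypothetical choices.
$LdavLogPatterns = @(
    'C:\ProgramData\LANDESKAV\*.log'
    'C:\ProgramData\LANDESK\Log\*.log'
    'C:\ProgramData\vulscan\installav*.log'
    'C:\ProgramData\Kaspersky Lab\*.log'
    'C:\Windows\Temp\KL*.log'
    'C:\Windows\Temp\Ucaevents.log'
    (Join-Path $env:TEMP 'KL*.log')
    (Join-Path $env:TEMP 'Ucaevents.log')
)

function Export-LdavLogs {
    param([string[]]$Patterns = $LdavLogPatterns,
          [string]$OutDir = (Join-Path $env:TEMP 'LDAV_Support'))

    $stage = Join-Path $OutDir 'stage'
    if (Test-Path -LiteralPath $stage) { Remove-Item -LiteralPath $stage -Recurse -Force }
    New-Item -ItemType Directory -Path $stage -Force | Out-Null

    # %TEMP% can resolve to C:\Windows\Temp, so drop files matched twice.
    $files = @(Get-ChildItem -Path $Patterns -File -ErrorAction SilentlyContinue |
               Sort-Object -Property FullName -Unique)
    if ($files.Count -eq 0) { Write-Warning 'No log files matched.'; return }

    $manifest = foreach ($f in $files) {
        # Prefix the source folder so equal file names from different folders do not collide.
        $flat = ($f.DirectoryName -replace '[:\\ ]+', '_') + '__' + $f.Name
        Copy-Item -LiteralPath $f.FullName -Destination (Join-Path $stage $flat)
        [pscustomobject]@{ Source = $f.FullName; Bytes = $f.Length
                           LastWrite = $f.LastWriteTime; Staged = $flat }
    }

    # The manifest records exactly which files are in the archive.
    $manifest | Export-Csv -Path (Join-Path $stage 'manifest.csv') -NoTypeInformation
    $zip = Join-Path $OutDir ('LDAV_logs_{0}_{1:yyyy_MM_dd}.zip' -f $env:COMPUTERNAME, (Get-Date))
    Compress-Archive -Path (Join-Path $stage '*') -DestinationPath $zip -Force
    return $zip
}

Export-LdavLogs
```

The function returns the path of the ZIP; manifest.csv inside it lists every source file, which makes it easy to review what is being sent before attaching it to a case.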
Trace Log Files
The following article contains detailed information for gathering trace log files: How to gather trace log files for LANDESK Antivirus
GetSystemInfo Report
The GetSystemInfo utility gathers detailed information about a computer, including hardware information, operating system, drivers, installed software, etc. This utility can be very useful for determining the cause of certain issues.
GetSystemInfo Utility Download
- Extract the downloaded GetSystemInfo Utility .ZIP file
- Run GSI.EXE that you extracted from the .ZIP file
- Click the green "Play" button to start gathering the report.
- Wait until the utility has completely scanned the system. (This may take quite some time.)
- Click OK to confirm the creation of a report.
A file will be created with the default name GetSystemInfo_<USER>_YYYY_MM_DD.zip. Attach this report to your created case, or e-mail it to your LANDESK Support technician.
The GetSystemInfo report can then be reviewed and further analyzed by doing the following:
- Browse to http://www.getsysteminfo.com/
- From the GetSystemInfo web site click "Choose file" and then browse to the previously gathered GetSystemInfo log file and upload it to the site.
Memory Dump
In case of a blue screen, a memory dump will need to be gathered.
- Right-click "My computer" and choose "Properties".
- Go to the "Advanced" tab and then click "Settings" under "Startup and Recovery".
- Under the "System failure" section, under "Write debugging information", click the drop-down and select "Complete memory dump".
- Make note of the path that the MEMORY.DMP file will be saved to.
- Duplicate the blue screen issue and then collect the MEMORY.DMP file and compress it in a .ZIP file.
A complete memory dump must be supplied; a mini dump does not supply sufficient information.
See Varieties of Kernel-Mode Dump Files (Windows Debuggers) for details about memory dump options.