
About incompatible products that can be removed during LANDESK Antivirus installation


How to Configure a Preferred Server for LANDesk Antivirus pattern file content


Setting up a preferred server for replicating LANDesk Antivirus pattern file content.

 

LANDesk Antivirus takes advantage of all of the software distribution technologies built in to LANDesk Management Suite, including Preferred Package Servers.

This article discusses how to configure preferred package servers to host the LANDesk Antivirus pattern file content.

 

Create Web Share for Preferred Package Server

Note: This must be done on a server running web sharing services (such as IIS)

  1. Create a folder on the target preferred server that mimics the pattern file content directory on the core server:

    For our example we will create the following directory structure:
    Program Files (x86)\LANDesk\ManagementSuite\LDLogon\Antivirus8\win\Bases8

  2. Open IIS Manager, expand the navigation tree, right-click on Default Web Site and select “Add virtual directory”

  3. Enter “LDLOGON” for the share alias, and navigate to the Program Files (x86)\LANDesk\ManagementSuite\LDLogon directory created in Step 1.
      
  4. After creating the directory, right-click LDLogon in the navigation tree and select “Edit Permissions”

    Permissions should be configured as follows:

    Everyone: Read & Execute, List Folder Contents, Read
    IUSR: Read & Execute, List Folder Contents, Read
    NETWORK SERVICE: Full Control
    Administrators: Full Control

  5. Enable directory browsing by selecting the LDLogon folder in the navigation frame and then clicking the “Directory Browsing” icon and clicking “Enable” in the right-hand pane.
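
One way to verify the permissions from step 4 once the share is in place, as an added PowerShell example that is not part of the original article or of LANDESK's tooling. The `C:` drive letter and the function name `Test-LdlogonAcl` are assumptions; when the folder is not present, the script runs against a constructed sample ACL instead.

```powershell
# Added example (not LANDESK code): audit the LDLogon folder ACL against step 4.
param(
    # Folder from step 1; the C: drive letter is an assumption.
    [string]$Path = 'C:\Program Files (x86)\LANDesk\ManagementSuite\LDLogon'
)

$SidType = [System.Security.Principal.SecurityIdentifier]
$Rights  = [System.Security.AccessControl.FileSystemRights]

# Principals from step 4, keyed by well-known SID so localized account names still match.
$Expected = @{
    'S-1-1-0'      = @{ Name = 'Everyone';        Write = $false }
    'S-1-5-17'     = @{ Name = 'IUSR';            Write = $false }
    'S-1-5-20'     = @{ Name = 'NETWORK SERVICE'; Write = $true  }
    'S-1-5-32-544' = @{ Name = 'Administrators';  Write = $true  }
}

# Bits that allow changing, replacing or re-permissioning content, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits seen on inherited ACEs.
$WriteMask = [int]($Rights::Write -bor $Rights::Delete -bor
    $Rights::DeleteSubdirectoriesAndFiles -bor $Rights::ChangePermissions -bor
    $Rights::TakeOwnership) -bor 0x10000000 -bor 0x40000000

function Test-LdlogonAcl {
    param([Parameter(Mandatory = $true)] $Rules)

    $seen = @{}
    foreach ($rule in $Rules) {
        # Deny entries only narrow access, so they cannot widen the share.
        if ($rule.AccessControlType -ne 'Allow') { continue }

        $sid      = $rule.IdentityReference.Value
        $canWrite = ([int]$rule.FileSystemRights -band $WriteMask) -ne 0
        $seen[$sid] = $true

        if (-not $Expected.ContainsKey($sid)) {
            # SYSTEM and TrustedInstaller usually appear here through inheritance.
            $name   = '(not in step 4)'
            $status = 'REVIEW: unlisted principal'
            if ($canWrite) { $status = 'REVIEW: unlisted principal can write' }
        } elseif ($canWrite -and -not $Expected[$sid].Write) {
            $name   = $Expected[$sid].Name
            $status = 'EXCESS: read-only principal can write'
        } else {
            $name   = $Expected[$sid].Name
            $status = 'OK'
        }
        [pscustomobject]@{
            Sid = $sid; Name = $name; Rights = $rule.FileSystemRights; Status = $status
        }
    }

    # Principals that step 4 lists but the ACL does not grant at all.
    foreach ($sid in $Expected.Keys) {
        if (-not $seen.ContainsKey($sid)) {
            [pscustomobject]@{
                Sid = $sid; Name = $Expected[$sid].Name; Rights = 'none'; Status = 'MISSING'
            }
        }
    }
}

if (Test-Path -LiteralPath $Path) {
    # Ask for the rules with SIDs instead of account names.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType)
} else {
    # Constructed sample ACL: Everyone was given Modify instead of read-only access.
    $flags = 'ContainerInherit,ObjectInherit'
    $rules = foreach ($entry in @(
            @('S-1-1-0', 'Modify'), @('S-1-5-17', 'ReadAndExecute'),
            @('S-1-5-20', 'FullControl'), @('S-1-5-32-544', 'FullControl'))) {
        $identity = New-Object System.Security.Principal.SecurityIdentifier($entry[0])
        New-Object System.Security.AccessControl.FileSystemAccessRule(
            $identity, $entry[1], $flags, 'None', 'Allow')
    }
}

Test-LdlogonAcl -Rules $rules | Format-Table -AutoSize
```

Clients download antivirus pattern files from this folder, so any row other than `OK` for Everyone or IUSR is worth correcting before the preferred server goes into use.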

 

Create UNC share for LDLOGON directory


  1. Navigate to the \Program Files (x86)\LANDesk\ManagementSuite directory and right-click on the LDLogon share.
  2. Right-click and go to “Advanced Sharing”
  3. Click “Share this folder”.
  4. Click “Permissions” and give an account Full Control access to the share.   This is necessary for the LANDesk Content replication tool to have write access to copy Antivirus pattern file content to the share.
  5. Ensure that the same account is also given Full Control on the Security tab.

Configure the Preferred Server in LANDesk Management Suite


  1. Within the LANDesk Management Suite Console click Configure à Preferred Server
  2. Right-click “Preferred Servers” and select “New Preferred Server”
  3. Enter Server Name and Credentials to the newly created LDLOGON share on the Preferred Server
  4. Enter the IP address ranges for the clients subnet(s) that this preferred server will serve.


If you want to replicate the antivirus pattern file content from the Core Server to the Preferred Server using LANDesk Content Replication, use the following steps.

 

  1. Under “Selected Replicator” in the Preferred Server Properties select a Windows-based managed node from the list of computers. For more information about configuring a replicator, please see: LANDesk Content Replication - Replicator Configuration
  2. Accept Default Run options unless there is something in particular you want to change.
  3. Set up a schedule for the replicator to run.   For the client to utilize the Preferred Server for Antivirus pattern files properly, replication should occur shortly after the core server updates antivirus pattern files.   Therefore, a schedule should be set up for the core server to download pattern files on a regular basis, and a replication task should be set to closely follow the completion of that download.
  4. Under “Sources” click “New” to create a new content replication source.
  5. Name the source “Antivirus Pattern File Content”.
  6. For the UNC or HTTP Path enter http://coreservername/ldlogon/antivirus8/win/bases8
  7. Enter credentials with read access to the share.
  8. Move to the “Preferred Servers (Targets)” tab and select the desired preferred server from the list.
  9. Select “Mirroring” in the left hand pane and check the box next to “Enable Mirroring”.
  10. Click “Save”.

 

Note: LDLOGON/Antivirus8/Win/Bases8 is the only directory that needs to be replicated.   LDLOGON/Antivirus8/Win also contains other folders: backups, dskm, loadbalancing, and temp_bases8.   The backups directory is used to back up the bases8 folder.  dskm, loadbalancing and temp_bases8 are used to download the files in bases8.

How to report undetected malware to LANDESK


Description


Sometimes malware shows up that does not have a pattern file yet.  This is true for all viruses when they are first written.  These are called "zero day" viruses.  In order for a pattern to be created, the virus must be reported and sent to LANDESK.

 

How to report and send an Infected or Suspicious File

If there is a file(s) that is identified as suspicious, before submitting the file(s) for analysis make sure that all infected machines are scanning with the latest definition files. Once all machines have been scanned with the latest definition files then follow the steps outlined below to have the infected files analyzed.

 

  1. Collect the infected virus file(s) and compile them into a password protected .ZIP file.
    (The password must be "infected" and the file format must be in a .ZIP format)
  2. Navigate to http://avdrop.landesk.com/ and drag and drop the password protected .ZIP file to the site.
  3. If you would like a return contact from LANDESK Support with the verdict of the file(s) you have submitted, please Contact LANDESK Support and open a Support Case.  It is recommended to use the Support Portal to do this.  If you simply want to submit a suspicious file to be included in pattern file content and do not wish to receive a notification of the verdict, you can upload the file without opening a support case.

 

Current virus detection and pattern file activity can be viewed here: http://www.kaspersky.com/viruswatchlite

For a virus glossary, virus encyclopedia, and for searchable virus information, please visit http://www.viruslist.com.  This site is maintained by Kaspersky Labs, who provides the Scanning Engine within the LANDESK Antivirus product.

 

Note: If the file you have is something you suspect is a "False Positive", or in other words a file that you believe does not contain malware but is being reported by LANDESK Antivirus as malware, the following instructions for submitting a False Positive to LANDESK Software should be followed:

LANDesk Antivirus false positive virus detection submission process

 

In addition, as an extra troubleshooting step, you can upload the suspicious file to https://www.virustotal.com.  This website will compare the file against ~40+ Antivirus engines.  If the majority say it is malware, it is likely malware. If the majority say it is not malware, it is either likely not malware or a very new virus variant that is not yet detected by the majority of Antivirus vendors.

How to submit requests regarding Spyware Content


Description

There may be situations where spyware is either not completely detected, or not completely removed during the scan process.

Spyware is software or other code that is typically installed as part of another product installation, a visit to an infected web site, or other activities that enables a user to obtain covert information about another's computer activities by transmitting data covertly from the computer that the spyware is installed on.

 

Resolution


Submit a request to LANDESK Customer Support to have detection and remediation content added so that the spyware is properly detected and removed.

 

Process for submitting requests for Spyware content:

 

In order for LANDESK to add this undetected spyware the following process must be followed:

  1. If possible, the actual install executable that downloaded and/or installed the spyware.
  2. The executable that was installed on the computer. You can usually find this by looking in the running processes. Spyware generally takes up an unusual amount of memory or CPU usage.
  3. Any additional information about the suspected spyware. Please include any information that you know.

  • A description of how it is installed, a website, email, or as part of a different installation.
  • A description of what it does: Does it launch additional sites?  Does it download other applications?  Etc.
  • A description of any malicious behavior, processor utilization, file corruption, etc.
  • Any other observations.

  • Compress any files that you collected in .ZIP format and password protect it with the password "infected".
  • Upload the files to ftp://ftp.landesk.com/spyware
  • Call LANDESK Support and create a support case. They will need to know the name of the file you uploaded.  In addition please provide a detailed description of the issue.

    Our team will make a thorough assessment of the submitted information to determine if they should be identified and removed.

    How to limit the end user ability to modify LANDESK Antivirus Settings.


    Question

     

    How do I limit the end user ability to modify LANDESK Antivirus Settings, shut down the services, etc?

     

    Answer

     

    There are various places to limit the user ability to modify LANDESK Antivirus Settings.

     

    LANDESK Antivirus Settings

     

    There are various locations within the LANDESK Antivirus Settings where User Control can be modified.

     

    To modify the LANDESK Antivirus settings:

     

     

    1. Open the Security and Patch Manager Tool in the LANDESK Management Suite Console.

    2. In the dropdown for the 3rd icon select "LANDESK Antivirus Settings"

    3. Select the Antivirus Setting you wish to edit and click "Edit"

     

    Note, the following screens will point out the different areas that can affect user feedback and/or interaction.  For a full explanation of these settings, see the LANDESK Advanced Training article.

     

    Antivirus Settings - General Tab

    AVSettingsUserOptions-GeneralTab.png

    • Show LANDESK Antivirus in system tray - Enables or Disables the yellow Antivirus shield icon from showing in the system tray
    • Enable right-click scanning - Adds or removes the option "Scan for viruses" when right-clicking a Drive, Directory, Folder, or File.
    • Allow user to add files and folders to Trusted Items List - Allows users to add files to a trusted list.  This means LANDESK Antivirus will trust those files and will not scan them.  (Security Risk)

     

    Antivirus Settings - Real-time Protection Tab

    AVSettionsUserOptions-RealTimeTab.png

    • Allow user to disable realtime scanning for up to [ x ] minutes - (Security Risk)

          (This option should only be enabled for IT personnel or similar responsible users that routinely work with files that could be considered a security risk)

     

    Antivirus Settings - Scheduled Scan Tab

    AVSettionsUserOptions-ScheduledScanTab.png

    • Allow user to schedule scans - Regular scheduled scans should be enforced on a schedule set by the Administrator within the Antivirus settings on the core.  However, in some instances, it may be necessary to allow the user to Schedule the scans to their own desired schedule.

     

    Antivirus Settings - Virus Definition Updates Tab

    AVSettionsUserOptions-VirusDefinitionUpdatesTab.png

    • Users may download virus definition updates - Regular pattern file updates should be enforced on a schedule set by the Administrator within the Antivirus settings on the core.  However, in some instances, it may be necessary to allow the user to Schedule virus definition updates on their own schedule.

     

    Note: For further information about scheduling regular Scans and Pattern file updates, see this article.

     

    Antivirus Settings - Quarantine/Backup Tab

    AVSettionsUserOptions-Quarantine-BackupTab.png

    • Allow user to restore suspicious objects - (Security Risk)
    • Allow user to restore infected objects and risky software - (Security Risk)
    • User must enter a password to restore objects

     

    Typically these options should only be enabled on IT personnel computers or users with similar needs.  If you want the ability for an Administrator to restore objects while at a user's desk, enable all of the options, and include a password for restoring objects.

     

     

    Using Agent Watcher to monitor LANDESK Antivirus Services

     

    Agent Watcher is a configurable component within the Agent Configuration that enables monitoring, enforcement and reporting on critical LANDESK files and services.  For further general information about Agent Watcher, please refer to the LANDESK Help File under the heading "LANDESK Agent Watcher" or within the User's Guide (Available as a download from this LANDESK Product Documentation page) in the "LANDESK Agent Watcher" chapter.

     

     

    Use Security and Patch Definitions to ensure Antivirus is up to date and running

     

    The following slide, taken from the LANDESK Advanced Antivirus training shows the different Security and Patch definitions that can be used to ensure that LANDESK Antivirus is running properly in your environment:

     

    AVPatchVulnerabilityDefinitions.png

     

    Use Windows User Rights to limit user interaction

     

    Windows User rights and Group Policy settings can be used to limit the user ability to stop services, etc.
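
A check of which accounts Windows itself allows to stop or reconfigure a service, as an added PowerShell example (not LANDESK code). The service name is left as a parameter because the article does not give it, the function name `Get-ServiceStopRights` is an assumption, and without a name the script analyses a constructed sample descriptor.

```powershell
# Added example (not LANDESK code): list who may stop or reconfigure a service.
param(
    # Hypothetical placeholder: pass the antivirus service's short name to audit it.
    [string]$ServiceName = ''
)

# Access bits that let the holder stop or alter a service (service-specific
# rights, standard rights, and the generic rights that map onto them).
$Risky = [ordered]@{
    'ChangeConfig'   = 0x0002       # SERVICE_CHANGE_CONFIG
    'Stop'           = 0x0020       # SERVICE_STOP
    'PauseContinue'  = 0x0040       # SERVICE_PAUSE_CONTINUE
    'Delete'         = 0x10000      # DELETE
    'WriteDac'       = 0x40000      # WRITE_DAC
    'WriteOwner'     = 0x80000      # WRITE_OWNER
    'GenericAll'     = 0x10000000   # maps to SERVICE_ALL_ACCESS
    'GenericExecute' = 0x20000000   # includes start, stop and pause
    'GenericWrite'   = 0x40000000   # includes SERVICE_CHANGE_CONFIG
}

# Accounts expected to hold those rights: LocalSystem and local Administrators.
$Privileged = @('S-1-5-18', 'S-1-5-32-544')

function Get-ServiceStopRights {
    param([Parameter(Mandatory = $true)][string]$Sddl)

    # The .NET parser resolves SDDL aliases such as SY, BA, IU and AU to SIDs.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace.AceQualifier -ne 'AccessAllowed') { continue }

        $granted = @($Risky.Keys | Where-Object { $ace.AccessMask -band $Risky[$_] })
        if ($granted.Count -eq 0) { continue }   # read-only ACE, nothing to report

        $sid     = $ace.SecurityIdentifier.Value
        $finding = 'REVIEW'
        if ($Privileged -contains $sid) { $finding = 'expected' }

        [pscustomobject]@{ Sid = $sid; Rights = ($granted -join ','); Finding = $finding }
    }
}

if ($ServiceName) {
    # sc.exe prints the descriptor as a single SDDL line surrounded by blank lines.
    $sddl = (& sc.exe sdshow $ServiceName | Where-Object { $_ -match '^[DSOG]:' }) -join ''
    if (-not $sddl) { throw "No security descriptor returned for '$ServiceName'." }
} else {
    # Constructed sample: a default-style descriptor plus one ACE that lets every
    # authenticated user (AU) start, stop and pause the service.
    $sddl = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
            '(A;;CCLCSWLOCRRC;;;IU)(A;;RPWPDT;;;AU)'
}

Get-ServiceStopRights -Sddl $sddl | Format-Table -AutoSize
```

Rows marked `REVIEW` are accounts outside LocalSystem and Administrators that hold a stop, pause or configuration right on the service.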

     

     

    Install LANDESK Application Control as part of LANDESK Endpoint Security to protect critical LANDESK Files

     

    LANDESK® Host Intrusion Prevention System (HIPS) layers added security to thwart malicious attacks and rootkits using application control that prevents applications from executing in malicious ways right on your individual host systems. Use it to extend the power of LANDESK® Security Suite or LANDESK® Patch Manager and LANDESK® Antivirus. Even in its most basic configuration, LANDESK HIPS provides protection for various critical system files, and also the LANDESK Client files.

     

    For further information regarding LANDESK HIPS:

     

    http://www.LANDESK.com/SolutionServices/product.aspx?id=788

     

    http://community.LANDESK.com/support/community/security/hips

    How to import Kaspersky Agent settings to the LDMS Agent settings on the Core


    This article contains explanations on how to import settings of the Kaspersky Agent (on the client) to the LDMS agent settings on the Core Server.

     

    Environment

     

    LDMS 9.5 with LANDesk Antivirus 9.5 client (Based on Kaspersky Endpoint Security 8)

     

    LANDesk Antivirus 9.5 Agent (Based on Kaspersky Endpoint Security 8)

     

    Sometimes you might want to personalize the settings of your Antivirus agent, in the tab Settings for example, especially when you are not able to change it from the Core.

     

    One setting that you will possibly want to change is the Exception List inside the Network Attack Blocker.

    The IP address range you want to exclude will be added locally to your agent, but if you want the same IP address exclusion list on the other LANDesk Antivirus 9.5 clients that you manage, you will need to export your Antivirus client settings and import them to your Core. Then, you will be able to deploy those settings to a group of machines.

     

    Export your client's settings

     

    Once you have configured the Antivirus client  as needed, you will want to export the settings.

     

    1- Configure the Network Attack Blocker (for example) :

    1.PNG

     

    2- Export the settings of the Agent (Advanced Settings > Save )

     

    2.PNG

     

     

    Import your client's settings to the core

     

    3- Import the settings on the Core Server (Agent Settings > LANDesk Antivirus settings > Advanced Settings > Import )

     

    3.PNG

     

    Then you are ready to use those settings for your agents, in this example, your LANDesk Antivirus 9.5 agent will now have the Network Attack Blocker configured.

     

    Import your client's settings to other clients directly



    Occasionally, you might want to import these settings directly to other clients.  To do so, open LANDesk Antivirus on the client:

    1. Select the Settings tab and select Advanced Settings
    2.   Under the Manage Settings header, select the Load button.  Choose your .cfg file and import it.

    Snap_2015.07.06 09.43.39_001.png

    Antivirus exclusions (exceptions) for LANDesk Core Server


    This article discusses Antivirus exclusions (also known as exceptions) that are recommended for the LANDesk Core Server.

     

    When installing Antivirus on the LANDesk Core server, it is recommended to set the Real-time Protection "File Types to Scan" option to "Scan infectable files only".   This is set within the LANDesk Antivirus settings on the "Real-time Protection" tab.

     

    For a list of what LANDesk Antivirus considers "Infectable files" see this article.

     

    For the full scheduled virus scans, it is recommended to set the scan to "Scan all file types".   This is set in the LANDesk Antivirus Settings in the "Virus scan" tab.

     

     

    For general information about Antivirus Exclusions, see this article.

     

    For specific information on configuring Antivirus Exclusions for specific server types (IIS, SQL, Exchange, Etc) see this article.

     

     

    Some Antivirus products (LANDesk Antivirus included) have separate exclusions lists for real-time scanning and on-demand scanning.  Most exclusions will apply only to Real-time Scanning, as scanning some directories during computer operation can severely impact performance.

     

    Antivirus exclusions need to be set both in the "Real-time protection" tab and the "Virus Scan" tab within the LANDesk Antivirus settings.

     

     

    Configuring Antivirus exclusions for a LANDesk Core Server

     

     

    As most LANDesk Core servers house IIS for the web console, general Antivirus exclusion instructions should be followed that pertain to IIS:

     

    Create the following exclusions:

     

    • The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)
    • The  %systemroot%\system32\inetsrv folder

     

    • Files that have the .log extension

     

    If the SQL Database resides on the core server, the following instructions should be followed:

     

    http://support.microsoft.com/kb/309422

     

     

    LANDesk specific directories:

     

    \Program Files\LANDesk\Managementsuite\brokerreq

    \Program Files\LANDesk\Managementsuite\IncomingData

    \Program Files\LANDesk\Managementsuite\ldscan

    \Program Files\LANDesk\Managementsuite\log

    \Program Files\LANDesk\Managementsuite\sdstatus

    \Program Files\LANDesk\Managementsuite\xddfiles

    \Program Files\LANDesk\Managementsuite\vulscanresults

    \Program Files\LANDesk\Managementsuite\ldlogon\agentbehaviors

    \Program Files\LANDesk\Managementsuite\ldlogon\vulnerabilitydata

     

    LANDesk specific files:

    \Program Files\LANDesk\ManagementSuite\LANDesk.ManagementSuite.Licensing.ActivateCore.exe

    \Program Files\LANDesk\Managementsuite\ldlogon\ldiscn32.exe

     

    General Exclusion information for Microsoft Operating Systems

     

    http://support.microsoft.com/kb/822158

    LANDESK Antivirus false positive virus detection submission process


    Description

     

    Sometimes new Virus Definitions will detect legitimate files as a virus.  These are called "False Positives".

     

    For further information on how to recover if this false positive is causing issues in your environment, see this article.

     

    In order for the definition to be adjusted, the "False Positive" must be reported and sent to us immediately.

     

    How to report and send files being detected incorrectly as a virus.

     

    If there is a file(s) that is being identified as a False Positive, before submitting the file(s) for analysis make sure that all affected computers are scanning with the latest definition files. Once all machines have been scanned with the latest definition files then follow the steps outlined below to have the infected files analyzed.

     

    For further information on how to ensure your clients are using the latest Antivirus pattern files, see this article.

     

      1. Open a Management Suite console

      2. Go to Tools | Security | Security and Patch Manager

      3. Expand Settings

      4. Click on LANDESK Antivirus

      5. Double click on the Antivirus settings the client is using.

      6. Click on Real-Time Protection

      7. Check the Allow user to disable Realtime scanning for up to ___ minutes option

      8. Click on Quarantine/Backup

      9. Check "Allow user to restore suspicious objects" and "Allow user to restore infected objects and risky software"

      10. Click Ok

      11. On the client Click Start | Run

      12. Type Vulscan /changesettings /showui, this will download the setting changes you made.

      13. Click Start | Run | LANDESK Management | LANDESK Antivirus

      14. Click Disable next to Real-Time Protection

      15. Click View details next to Quarantine or Backup depending on where the file is located.

      16. Take note of the original location.

      17. Highlight the file.

      18. Click Restore.

      19. Click Restore File.

      20. Collect the file(s) from the Original Location and compile them into a password protected .ZIP file.

      21. Compile the "infected" file(s) into a password protected .ZIP file.  Name the file "FalsePositive(UniqueName).zip".  (Where "UniqueName" is a filename of your choosing).

        IMPORTANT!

        The file must be password protected with a password of "infected". The compression type must be a .ZIP.

        Other compression types will not be accepted. The file should not be a self-extracting zip file.

     

    1. Place the file on LANDESK's site: http://avdrop.landesk.com/

    2. Contact LANDESK Support and open a Support Incident and provide the name of the sample file uploaded to the ftp site. (Case sensitive)

    3. Revert the changes made in steps 1-10.

    4. Current virus definition release activity can be viewed here:  http://www.kaspersky.com/viruswatchlite?

    Note: Once the antivirus pattern files are updated to correct the false positive, the files within quarantine will be restored to their original locations.

     

    LANDESK Support Contact information


    LANDESK Antivirus and Windows 10


    Information will be published shortly about future compatibility of LANDESK Antivirus and Windows 10.

    How to install a standalone LANDesk Antivirus agent


    Question:

     

    Is it possible to install a standalone Antivirus agent?

     

    Answer:

     

    The closest thing to a standalone LANDesk Antivirus agent is configuring a LANDesk Agent Configuration to install only LANDesk Antivirus.

     

    The following steps describe the best known method for installing a "standalone" LANDesk Antivirus agent.   It assumes that you want to install the LANDesk Antivirus agent on a client computer that does not have access to the core server, and will access the Internet rather than the Core Server for antivirus pattern file updates.

     

     

    Part One - Preparation

     

    1. Ensure that you have the latest Antivirus Engine and Latest Antivirus Patches.    Make sure to read this article as well.

    2. Download the latest Antivirus Pattern Files

     

         a. Open the Security and Patch Manager Tool in the LANDesk Management Suite console.

         b. Click the "Download Updates" icon.   (The first icon in the list)

         c. Go to the "LANDesk Antivirus" tab and click "Get latest definitions"

     

    Part Two - LANDesk Antivirus Settings

     

    1. In the Management Suite Console go to Tools - Configuration - Agent Settings.

    2. Expand My Agent Settings, select LANDesk Antivirus.

    Screen Shot 2013-04-04 at 2.08.50 PM.png

     

    3. Select the Antivirus Setting you wish to modify and select [Edit].

    4. Review all settings on all tabs and make sure they are set as desired.

    5. On the "Update" tab, set "Download Virus Definition Update from" to either "Internet only" or "Internet First.   Fallback to core if internet is not available".


    Note: This option determines where the client will attempt to get its Antivirus Pattern File updates from.  If the client will have no access to the Core Server, select "Internet only".   If the client will have occasional access to the Core, select "Internet First.  Fallback to core if internet is not available".

     

    6. Once all changes have been made to the LANDesk Antivirus settings, save the settings.

     

    Part Three - Agent Configuration

     

    1. Open the Agent Configuration Tool in the LANDesk Management Suite Console.
    2. Select the first icon, which is the "New Agent Configuration" icon, or right-click an empty space in this window and select "New Windows agent configuration"
    3. In the section labeled "Start" select only "LANDesk Antivirus" under "Agent components to install" and deselect all other components.
    4. Expand the section labeled "Standard LANDesk Agent" and go to the Inventory Scanner section.  Uncheck the box labeled "When IP address changes (Miniscan only)".  Next, in this same screen, click the "Change Settings" button and change "Repeat after" to "None".
    5. Expand the section labeled "Security and Compliance - Patch and Compliance Scan" and make sure the box labeled "When user logs in" is not checked.  Next in this same screen click the "Change Settings" button, and change "Repeat after" to "None".
    6. Select the "LANDesk Antivirus" section in the left-hand pane.
    7. If you have an existing Antivirus product from another party it will be removed.
    8. Select the LANDesk Antivirus Setting you created or modified in Part Two of these instructions.
    9. Select a Scan and Repair setting whose Reboot Settings will be used by the install.
    10. Select the option for "Include both 32 bit and 64 bit Antivirus Setup Files" (Other options can be used if needed, this just keeps it simple although results in a larger file size for the installer)
    11. Select whether or not to include the Latest Virus Definition Approved for Distribution.
    12. Make sure in the top section under "Configuration Name" that you have named your Configuration a suitable name.
    13. Save the Agent Configuration.
    14. Right-click the Agent Configuration and select "Create self-contained client installation package"
    15. Select the directory you would like the Agent Configuration Executable to be saved to.
    16. This will create two executables in the directory you selected.

     

    Configurationname.exe    (This is a silent installation executable)

    Configurationname_with_status.exe   (This will install the agent with a GUI showing the status during installation)

     

     

    At this point you can run the Agent Configuration executable file you created on your Client computer.

     

    Note: During the Antivirus installation process, the client attempts to contact the core server.   If the core server is not available, the client will stop attempting to contact the core server and the installation will continue.   The timeout when attempting to contact the server can add up to a 10 minute delay to the Antivirus installation process.

    How to Disable Kaspersky Endpoint Security Service


    Purpose

     

    This article covers how to allow managing the Kaspersky Endpoint Security service.

     

     

    Steps

     

    The Kaspersky Endpoint Security service is self protecting by default. Leaving the service disabled is not advised.

    In the event stopping the service is necessary:

     

    Note: The outlined methods will allow for 'external management of the systems service'. This means it will allow users to manually stop the service. The following actions do not stop the service by itself.

     

    For Multiple Clients

    • Open the LANDESK Antivirus settings on the LDMS Console
    • Select Advanced settings
    • Un-check Disable external management of the system service
    • Save the settings
    • Push the new settings out to the client

    disable_service.png

     

    For Individual Clients

    • Open the LDAV Interface on the client
    • Click the Settings tab
    • Click Advanced Settings
    • Un-check Disable external management of the system service

    disable-individual.png

     

    With the Disable external management of the system service unchecked, the Service can be stopped as needed.

     

    service.png

    Remote Zero Day Vulnerability Discovered in Kaspersky Endpoint Security 10 - September 2015


    Issue

     

    A recent 'remote zero day vulnerability' was discovered which impacts some Kaspersky products, including Kaspersky Endpoint Security (KES) 10.

    KES 10 is included in LDMS versions 9.6 (all) and 9.5 SP1-CP_BASE-2013-1017

     

     

    Resolution

     

    This vulnerability is addressed by applying the latest Antivirus Definitions as of 09/08/2015.

    Download new AV Content, and push definitions to clients.

    New AV Content will address the issue, and no further action is necessary.

     

     

    Related Articles:

     

    http://www.pcworld.com/article/2980724/security/kaspersky-lab-pushes-emergency-patch-for-critical-vulnerability.html

    http://www.ibtimes.com/kaspersky-fireeye-security-products-cracked-researchers-2085291

    How to centralize all LANDESK Antivirus activity logs





     

    At times it is advantageous to see in one place on the core server the details of each computer's LANDESK Antivirus activity (Ex; Threats which have been detected on the Web, Disinfection impossible for some files etc...) which allows you to remotely monitor the events without being connected to each machine.

     

     

    There are 2 methods:

     

    Method 1:  By using the LDMS Console "Alerts" tool (see printscreen below)

      This is a partial answer because it won't give you all the activity details possible in the LANDESK Antivirus tool. Click here to learn how to configure Alerts on an LDMS 9.6 Console.

     

    Alert.png


    Method 2: By using the LANDESK Antivirus Advanced Settings and the Windows Event Viewer Subscriptions

      This is the most complete way to gather onto one server or one workstation all the LANDESK Antivirus logs regarding all the Antivirus events occurring on all computers managed.


      This needs to be done in 3 phases:

     

    1. Modify the LANDESK Antivirus advanced settings in order to collect all the events of your choice on the local Event Viewer
    2. Import the advanced settings into the LANDESK Antivirus agent setting on the LDMS Console
    3. Configure event viewer on both the "Collector" server and the "Source" Computers for the Subscription

     

    Step by Step for Method 2

     

    Step 1: Modify the advanced settings on the LANDESK Antivirus User Interface in one client

    • Go on a client configured with LANDESK Antivirus deployed
    • Open the LANDESK Antivirus UI and click on the Settings tab
        • Note: Be sure that the agent settings allow the user to access the Settings tab (see Agent Settings Printscreen below where the "Allow user to change settings" has to be checked)

                        Screen.png

    • Click on Advanced Settings tab, then Interface tab, and click on the Settings Button (see printscreen below)

        Screen 2.png   

    • On the left pane, you have access to all the LANDESK Antivirus services you have configured in the agent settings (Ex: File Anti-Virus, Mail Anti-Virus etc.) and also to the Updates, Scan Tasks and System Audit (i.e., to know who did what). For each tab, you can define which events should be recorded in the local Event Viewer log file by checking the boxes in the column "Save in Windows Event Log". Once all that is done, click OK.

        Screen 4.png

    • Come back to the previous screen and click on the Save button


    Step 2: Import the advanced settings into the LANDESK Antivirus agent setting on the LDMS Console to spread it across all the managed computers with a LANDESK Antivirus already installed



    Step 3: Configure event viewer on both the "Collector" server and the "Source" Computers for the Subscription


    At this point, LANDESK Antivirus activity is logged in the local Event Viewer logs of each computer under "Applications and Services Logs" - "Kasperky Event Log" (see printscreen below)

        Screen 5.png

      • Note: The Event logs are stored on each computer in the "%systemroot%\System32\Winevt\Logs\Kasperky Event Log.evtx" file


    You now need to collect the "Kasperky Event Log" logs from each computer onto a "Central" server. This is called the Event Subscriptions method (see Event Subscriptions). Here is one way to do that:

     

              IMPORTANT NOTE: To ease this process, the COLLECTOR machine should have LANDESK Antivirus installed on it in order to filter only the "Kasperky Event Log" events coming from the SOURCE machines (see printscreen below).

              The COLLECTOR machine could be the Core Server (see article How to install the LANDESK AntiVirus on core server ?)

                  Screen 6.png

    • Depending on where you store these events on the COLLECTOR machine (in my example, in the "Forwarded Events" folder) and the Subscriptions advanced settings you chose, you will get the type of result shown in the printscreen below. You can then use the filter view to see specific events on specific computer(s).

              Screen 7.png

    How to troubleshoot LANDESK Antivirus license issues


    Troubleshooting LANDESK Antivirus licensing issues

     

    This article will describe the technical process that the administrator and LANDESK Antivirus must take in order to successfully install and activate a LANDESK Antivirus key on a client.

     

    How to obtain a LANDESK Antivirus license key

    Either log a case via support.landesk.com over the internet or do the following:

     

    1. Contact LANDESK Support by phone and select Option 1 for Product Activation/Licensing.
    2. Select option 1 again for LDMS/LDSS Licensing support.
    3. Give the Support Engineer your company account name and your contact information.
    4. The Support Engineer will provide a .key file via e-mail.

     

    Import License to Core

     

    The first step that needs to occur is to import a LANDESK Antivirus license into the core server.  You should have received a .ZIP file containing your .KEY file and a .PDF file that details the license information.

     

    The following should be done from a LANDESK Management Suite Console:

     

    1. Extract the .ZIP file received from LANDESK Licensing or from your Sales Representative to a location you will remember.
    2. On the Core Server open the following tool: Security and Compliance -> Agent Settings -> Gear (Settings) dropdown -> LANDESK Antivirus License information
      LicenseInformationWindow.jpg
    3. The following window will open:
      ImportedLicenseInformation.jpg
    4. Browse to the .KEY file unzipped in Step 1.

      Now this window will contain the date the license was created, the license number, and the license information number.

      License Expiration Information can be viewed in several places:

      a. Security Activity tool under LANDESK Antivirus -> Licenses
      LicenseSecurityActivity.jpg
      b. On the client in the LANDESK Antivirus program window under the "License" link at the bottom of the Window.
      ClientLicenseInformation.jpg
    5. After the new license key is imported the file is renamed to LDAV.KEY and gets copied to the LDLOGON\AVCLIENT\INSTALL\KEY folder on the Core Server.

     

    What could go wrong?

    • Failure to write the LDAV.KEY to the LDLOGON\AVClient\Install\Key folder on the core server.  (Check rights, Console.exe.log, etc)

     

    Update of licenses on Managed Clients

     

    1. When the next Security and Compliance (vulscan) scan is run on the client, the vulscan self update feature downloads LDAV.KEY and places it into the LDCLIENT directory.
    2. Vulscan.exe copies LDAV.KEY to the LDCLIENT\Antivirus\Install\Key folder on the client.
    3. Every 5 minutes the LANDESK Antivirus Service compares the hash between the LDCLIENT\Antivirus\Install\Key\LDAV.KEY and LDCLIENT\Antivirus\LDAV.KEY.  (Note: To have this update instantly you can restart the LANDESK Antivirus service)
      (LDAV.KEY in the LDCLIENT\Antivirus folder is the active key that the product uses)
    4. If a difference is found between LDCLIENT\Antivirus\Install\Key\LDAV.KEY and LDCLIENT\Antivirus\LDAV.KEY the license activation process will occur.  This involves invoking the Kaspersky licensing process that imports the key information into the product.
    5. The license information is stored in one of the following registry keys on the client, depending on whether the OS is 32-bit or 64-bit:

      HKLM\Software\LANDesk\managementsuite\WinClient\Antivirus\License
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\WinClient\Antivirus\License

     

    What could go wrong?

    • Failure to download the LDAV.KEY from the core server.  (This should be noted in the Vulscan.log file on the client).
    • Failure to copy the LDAV.KEY file from the LDCLIENT directory to the LDCLIENT\Antivirus\Install\Key folder on the client (This should be noted in the Vulscan.log file on the client)
      This could be caused by the LDAV.KEY file being read-only.
    • Failure for the LANDESK Antivirus service to copy the LDAV.KEY from LDCLIENT\Antivirus\Install\Key folder to the LDCLIENT\Antivirus folder on the client (This would show in the \ProgramData\LANDESK\Log\LDAV.log file)
    • Failure to write the registry key information (HKLM\Software\LANDesk\managementsuite\WinClient\Antivirus\License or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\WinClient\Antivirus\License)
    • Failure to contact the WSVulnerabilityCore web service to send the Antivirus information.   (Vulscan.log and WSVulnerabilityCore.dll log files should be examined)
    • Failure to write the antivirus information to the Antivirus table in the database.   (WSVulnerabilityCore.dll.log on the core server should be examined, and the Antivirus table can be examined for information about that particular computer. Does that computer exist in the database? Run a full inventory scan if it cannot be found.)
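The key hand-off in steps 1 to 4 can be checked by comparing the three copies of LDAV.KEY and reporting which stage did not complete. This is an added example, not LANDESK's own code: SHA-256 is used only to test whether two files are identical (the article does not say which hash the service uses), and the function names and the reading of "read-only" as applying to the staged copy are assumptions.

```python
import hashlib
import stat
from pathlib import Path

# Locations relative to the LDCLIENT directory, as named in the steps above.
DOWNLOADED = Path("LDAV.KEY")                             # placed by vulscan self update
STAGED = Path("Antivirus", "Install", "Key", "LDAV.KEY")  # copied there by Vulscan.exe
ACTIVE = Path("Antivirus", "LDAV.KEY")                    # key the product actually uses


def sha256_of(path):
    """Hex digest of a file, or None when the file does not exist."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except FileNotFoundError:
        return None


def is_read_only(path):
    """True when the file exists and lacks the owner write bit
    (on Windows this bit mirrors the read-only attribute)."""
    try:
        return not (Path(path).stat().st_mode & stat.S_IWRITE)
    except FileNotFoundError:
        return False


def diagnose(ldclient_dir):
    """Return (stage, detail) naming the first stage of the key update that is incomplete.

    stage is one of: "download", "copy", "activation", "in_sync".
    """
    root = Path(ldclient_dir)
    downloaded = sha256_of(root / DOWNLOADED)
    staged = sha256_of(root / STAGED)
    active = sha256_of(root / ACTIVE)

    # Nothing downloaded and nothing staged: the self update never delivered the key.
    if downloaded is None and staged is None:
        return ("download", "LDAV.KEY is not in LDCLIENT; check Vulscan.log")

    # A downloaded key that differs from the staged one means the copy step failed.
    if downloaded is not None and staged != downloaded:
        if is_read_only(root / STAGED):
            why = "existing staged LDAV.KEY is read-only"
        else:
            why = "copy to Antivirus\\Install\\Key did not complete"
        return ("copy", why + "; check Vulscan.log")

    # Staged and active keys differ: the service has not activated the new key yet.
    if active != staged:
        return ("activation",
                "active key differs from staged key; check LDAV.log "
                "or restart the LANDESK Antivirus service")

    return ("in_sync", "active key matches staged key")


if __name__ == "__main__":
    # Default 64-bit client path is an assumption; pass your own LDCLIENT path as needed.
    print(diagnose(r"C:\Program Files (x86)\LANDesk\LDClient"))
```

A result of "in_sync" only shows that the files match; the registry and core-side reporting failures listed above still need the logs named in each bullet.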

     

     

    Reporting of LANDESK Antivirus information to the core server

     

    1. Antivirus information is sent to the core server using the PutLDAVTableData method using the WSVulnerabilityCore web service when Vulscan runs or every 5 minutes by the LANDESK Antivirus Service. 

      The following information is sent and is shown in the Vulscan.log in the following manner:

      Thu, 17 Sep 2015 10:52:00 --- Antivirus table data ---------------------------------------
      Thu, 17 Sep 2015 10:52:00 ProductName: LANDESK Antivirus
      Thu, 17 Sep 2015 10:52:00 AutoProtect: On
      Thu, 17 Sep 2015 10:52:00 ProductVersion: 10.2.1.23
      Thu, 17 Sep 2015 10:52:00 EngineVersion: 6.8.0.27
      Thu, 17 Sep 2015 10:52:00 DefVersion:
      Thu, 17 Sep 2015 10:52:00 PubDate: 2015-09-17 07:31:00 (1442496660)
      Thu, 17 Sep 2015 10:52:00 DefInstDate: 2015-09-17 09:28:50 (1442503730)
      Thu, 17 Sep 2015 10:52:00 Empty CTime: 1969-12-31 17:00:00 (0)
      Thu, 17 Sep 2015 10:52:00 LastVirusScan: 2015-09-17 09:29:15 (1442503755)
      Thu, 17 Sep 2015 10:52:00 LastFullVirusScan: 2015-09-15 12:50:21 (1442343021)
      Thu, 17 Sep 2015 10:52:00 LastQuickVirusScan: 2015-09-17 09:29:15 (1442503755)
      Thu, 17 Sep 2015 10:52:00 StartFullVirusScan: 2015-09-15 12:47:44 (1442342864)
      Thu, 17 Sep 2015 10:52:00 StartQuickVirusScan: 2015-09-17 09:28:59 (1442503739)
      Thu, 17 Sep 2015 10:52:00 FullVirusScanCancelled: 0
      Thu, 17 Sep 2015 10:52:00 QuickVirusScanCancelled: 0
      Thu, 17 Sep 2015 10:52:00 AgentRunning: True
      Thu, 17 Sep 2015 10:52:00 PatternServer: YourCoreServerName
      Thu, 17 Sep 2015 10:52:00 LicenseExpirationDate: 2016-09-13 23:59:59 (1473832799)
      Thu, 17 Sep 2015 10:52:00 LicensePeriod: 362
      Thu, 17 Sep 2015 10:52:00 LicenseNumber: XXXX-XXXXX-XXXXXXX
      Thu, 17 Sep 2015 10:52:00 LicenseProductName:
      Thu, 17 Sep 2015 10:52:00 LicenseMaxCount: 2000
      Thu, 17 Sep 2015 10:52:00 --------------------------------------------------------------------------
      Thu, 17 Sep 2015 10:52:00 In SendRequest: Action = SOAPAction: "http://tempuri.org/PutLdavTableData"
      Thu, 17 Sep 2015 10:52:00 SendRequest: SOAPAction: "http://tempuri.org/PutLdavTableData"
    2. This will appear in the WSVulnerabilityCore.dll log on the core as follows:
      09/17/2015 09:52:00 INFO 13484:3     RollingLog : LdavTableData.Update:  Updated a record for Antivirus_Idn = 1
    3. This information is placed into the Antivirus table in the LANDESK database.
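The "Antivirus table data" block lends itself to automated triage of collected Vulscan.log files. The following is an added example, not part of the original article or of LANDESK's tooling: it parses those blocks and flags clients whose protection, pattern files, scans or license need attention. The sample log is a trimmed, constructed copy of the format shown above, and the function names and day thresholds are assumptions.

```python
import re

# Constructed sample: a trimmed copy of the Vulscan.log block format shown above.
SAMPLE_LOG = """\
Thu, 17 Sep 2015 10:52:00 --- Antivirus table data ---------------------------------------
Thu, 17 Sep 2015 10:52:00 ProductName: LANDESK Antivirus
Thu, 17 Sep 2015 10:52:00 AutoProtect: On
Thu, 17 Sep 2015 10:52:00 DefVersion:
Thu, 17 Sep 2015 10:52:00 PubDate: 2015-09-17 07:31:00 (1442496660)
Thu, 17 Sep 2015 10:52:00 LastFullVirusScan: 2015-09-15 12:50:21 (1442343021)
Thu, 17 Sep 2015 10:52:00 AgentRunning: True
Thu, 17 Sep 2015 10:52:00 LicenseExpirationDate: 2016-09-13 23:59:59 (1473832799)
Thu, 17 Sep 2015 10:52:00 LicenseNumber: XXXX-XXXXX-XXXXXXX
Thu, 17 Sep 2015 10:52:00 --------------------------------------------------------------------------
Thu, 17 Sep 2015 10:52:00 SendRequest: SOAPAction: "http://tempuri.org/PutLdavTableData"
"""

# "Thu, 17 Sep 2015 10:52:00 <body>"
LINE = re.compile(r"^\s*\w{3}, \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} (.*)$")
# Trailing "(1442496660)" epoch that follows each date value
EPOCH = re.compile(r"\((\d+)\)\s*$")
DAY = 86400


def parse_av_blocks(text):
    """Return one dict per complete 'Antivirus table data' block.
    A block with no closing dash line (truncated log) is dropped."""
    blocks, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("--- Antivirus table data"):
            current = {}
        elif current is not None and body and set(body) == {"-"}:
            blocks.append(current)
            current = None
        elif current is not None and ":" in body:
            key, _, value = body.partition(":")
            current[key.strip()] = value.strip()
    return blocks


def epoch_of(record, key):
    """Epoch seconds from a 'YYYY-MM-DD hh:mm:ss (epoch)' value; None if absent or 0."""
    m = EPOCH.search(record.get(key, ""))
    value = int(m.group(1)) if m else 0
    return value or None


def assess(record, now, max_pattern_age_days=3, max_full_scan_age_days=14,
           license_warn_days=30):
    """Return a list of findings for one record; an empty list means healthy.
    now is epoch seconds. The thresholds are assumptions, not vendor values."""
    findings = []
    if record.get("AutoProtect") != "On":
        findings.append("real-time protection is not On")
    if record.get("AgentRunning") != "True":
        findings.append("antivirus agent is not running")

    published = epoch_of(record, "PubDate")
    if published is None:
        findings.append("no pattern publication date reported")
    elif now - published > max_pattern_age_days * DAY:
        findings.append("pattern files are %d days old" % ((now - published) // DAY))

    full_scan = epoch_of(record, "LastFullVirusScan")
    if full_scan is None or now - full_scan > max_full_scan_age_days * DAY:
        findings.append("no recent full scan")

    expires = epoch_of(record, "LicenseExpirationDate")
    if not record.get("LicenseNumber") or expires is None:
        findings.append("no license information reported")
    elif expires <= now:
        findings.append("license expired")
    elif expires - now < license_warn_days * DAY:
        findings.append("license expires in %d days" % ((expires - now) // DAY))
    return findings


if __name__ == "__main__":
    import time
    for rec in parse_av_blocks(SAMPLE_LOG):
        print(rec.get("ProductName"), assess(rec, int(time.time())))
```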

     

    What could go wrong?

     

    • Failure to write the registry key information (HKLM\Software\LANDesk\managementsuite\WinClient\Antivirus\License or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\WinClient\Antivirus\License)
    • Failure to contact the WSVulnerabilityCore web service to send the Antivirus information.   (Vulscan.log and WSVulnerabilityCore.dll log files should be examined)
    • Failure to write the antivirus information to the Antivirus table in the database.   (WSVulnerabilityCore.dll.log on the core server should be examined, and the Antivirus table can be examined for information about that particular computer. Does that computer exist in the database? Run a full inventory scan if it cannot be found.)

     

    When does LANDESK Antivirus check to see if the license key is valid?

     

    • During LANDESK Antivirus installation
    • When the LANDESK Antivirus service is started
    • Every 5 minutes after LANDESK Antivirus service is started
    • After pattern file update is performed

     

    When troubleshooting client activation issues, the following log files should be consulted:

     

    • LDAV.LOG - Shows activation activity from the LANDESK Antivirus service start or the 5 minute interval check
    • LDAV_UPDATE.LOG - Shows activation activity if LANDESK Antivirus is activated during pattern file update
    • LDAV_INSTALL.LOG - Shows activation activity if LANDESK Antivirus is activated during the installation
    • Vulscan.log - Shows download and copy of key file
    • WSVulnerabilityCore.dll log - Shows reporting of LANDESK Antivirus information as received from Vulscan or the LANDESK Antivirus service

    How to gather trace log files for LANDESK Antivirus


     

     

    At times an issue with LANDESK Antivirus may require more in-depth analysis and troubleshooting.  LANDESK engineers may request application runtime trace files for troubleshooting such cases.

    These log files contain verbose information that can assist in finding the root cause of an issue.

     

    How to generate an application trace file

    Note. Make sure your user account has administrator permissions.

     

    1. Click Support in the bottom left corner of the main application window.
      AVSupportLink.jpg
    2. The Support window will open, click System tracing. This will open the Information for Technical Support window.
      SystemTracingLink.jpg
    3. Click Enable to start generating the trace files.
      EnabledTraces.jpg
    4. Stop LANDESK Antivirus by right-clicking the tray icon and selecting Exit and then restart AV by selecting LANDESK Antivirus from the LANDESK program group.

      (If the Exit option does not exist, the following sub-steps should be followed):
        4a. In order to restart LANDESK Antivirus, the following permissions must be set in the LANDESK Antivirus settings in the console and applied to the client:
      AVPermissions.jpg
        4b. To refresh settings, select the "Create a Task" (calendar icon) drop-down in the Agent Settings tool, select "Change Settings" and then create a schedule.
              Alternatively, "vulscan /changesettings" can be run from the client command line.  (Add /showui to the command to view the interface while it is running)

    5. Go through the steps that result in the issue observed.
    6. Click Disable to stop generating the trace file.

    Note. Trace files are created in encrypted form with the .ENC1 extension and unique names: [Application-version]_[Creation_date]_[Creation_time_GMT]_[PID]
              This encryption ensures that the log files can only be viewed by an authorized support or development engineer.

     

    Where to find the generated trace files

     

    • Recent Windows Versions:
      • C:\ProgramData\Kaspersky Lab\
    • Microsoft Windows XP / Windows Server 2003: 
      • C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\

     

    If there is an update task running (downloading pattern files), another log file gets generated in *.HST format.

    Important: The created trace files are encrypted and can only be viewed by an authorized support or development engineer.

     

    By default, the folders containing trace files are hidden. Make sure you have the "show hidden files" setting enabled in Windows or type the path into the File Explorer address bar to be able to access the trace files.

     

    Sending trace files to LANDESK Technical Support

     

    Unless requested otherwise, the following steps should be taken to send the trace files to LANDESK Technical Support:

    1. Compress the trace files into a .ZIP format with the filename LANDESKCase#_ldav_trace.zip (Where LANDESKCase# is the numerical LANDESK case number assigned to your incident)
    2. Upload the .ZIP file to ftp://ftp.landesk.com/incoming
    3. Inform the LANDESK Support technician of the exact file name (please include case sensitivity if it differs from the recommendation above).

     

    Trace log detail levels

     

    Typically the default trace level should be used.  Exceptions will be specified by the support technician.

     

    The following trace levels are available (from minimum to maximum details):

     

    • Critical (100). Logs critical errors only.
    • High (200). Logs all errors including critical.
    • Troubleshooting (300). Logs all errors and warnings.
    • Important (400). Logs all errors and warnings, plus additional information messages.
    • Normal (500).  Logs all errors and warnings, as well as additional information messages and normal operational data.  (This is the default log level)
    • Low (600). Logs all possible messages.

     

    How to delete a trace file

     

    In order to delete the trace files, you should exit LANDESK Antivirus, delete the trace file from the %ProgramData% folder and start the application again.

     

    Useful references

    How to troubleshoot LANDESK Antivirus

    How to enable / disable trace files generation via registry


    How to troubleshoot LANDESK Antivirus


    This article details the troubleshooting steps for LANDESK Antivirus.    For high level training it is highly recommended to go through the relevant areas of KL 102.10: Kaspersky Endpoint Security and Management

     


     

    LANDESK Antivirus Installation

     

    Three different methods can be used to install LANDESK Antivirus on a client.

     

    Installed as part of the Agent installation

    1. Select LANDESK Antivirus component within the Agent Configuration - Start - Agent Components to Install section.
    2. Configure desired settings within the Agent Configuration - Security and Compliance - LANDESK Antivirus section.

     

    Installed through an Install/Update Security Components task

    Open the Agent Settings tool within the LDMS console.

    1. Select the Create a Task dropdown and select Install/Update Security Components.
    2. Select desired Task Type, Select LANDESK Antivirus Components to Install, select desired Task Options, and desired reboot options (Controlled through Scan and Repair Settings)
      Note: If experiencing installation issues, you can select the box "Troubleshoot LANDESK Antivirus installation using interactive mode" to run an Antivirus installation with a full UI available.

     

    Run "vulscan /installav" from the command line of a client computer

    If experiencing installation issues, add the command line options "/interactive" and "/showui" ("vulscan /installav /interactive /showui")

     

    Installation log files

    Log Filename | Purpose | Location
    ldav_install.log | Logs installation activity controlled by LDAV.EXE | %appdata%\LANDESKAV
    msi_install.log | Logs installation of Kaspersky Endpoint Security .MSI | %appdata%\LANDESKAV
    installav.log (or installav#.log) | Logs installation activity controlled by Vulscan.exe | %appdata%\vulscan
    KESPatchMSI.log, KESPatch.log | Logs installation of all Kaspersky patches applied | %appdata%\Kaspersky Lab
    KL*.log, Ucaevents.log | Logs installation of Kaspersky | C:\Windows\Temp or %Temp%

    Installation troubleshooting tips: To open the log file directories quickly, type "vulscan e" at the client "Run" line to open the %appdata%\vulscan directory, or "vulscan av" to open the %appdata%\LANDESKAV folder.

     

    Most installation failures will be logged within the MSI_INSTALL.LOG or in the KL*.log.  Installation activity is also recorded to the Security Activity tool within the LDMS console. 

     

    Installation requires a reboot if installing over an older version of LANDESK Antivirus or removing another 3rd party Antivirus. 

    In addition it will require another reboot after the latest critical updates have been applied as part of updating the pattern files.

     

    Possible Installation issues

    • Insufficient Memory - Install failures due to insufficient memory requirements are viewable in the Security Activity Tool in the LDMS console and in the MSI_Install.log file
      See Kaspersky Endpoint Security 10 for Windows (for workstations)
    • Conflicting 3rd Party Software
      During installation, LANDESK Antivirus will detect the presence of incompatible 3rd-party software.  LANDESK Antivirus utilizes the Kaspersky Cleaner utility in addition to the existing removal capabilities of LDAVHLPR.DLL.  If conflicting software is found during the LANDESK Antivirus installation, one of two events will occur:

    1. Conflicting software will be automatically removed - List of applications incompatible with Kaspersky Endpoint Security 10 for Windows
    2. Installation will fail - Install failures due to incompatible software are viewable in the MSI_Install.log file or KL*.log.


    Uninstalling LANDESK Antivirus

     

    The following methods can be used to uninstall LANDESK Antivirus:

     

    1. Schedule a "Remove Security Components" task from within the Security Activity tool in the LANDESK Console.  Select "LANDESK Antivirus" as a component to remove.
    2. Run "vulscan /removeav" from the client command line
      Note: When attempting to remove and reinstall LANDESK Antivirus, an uninstall must be performed and then an install performed.  Reinstalling over top does not remove and reinstall the .MSI, it simply performs the LANDESK specific actions controlled by vulscan.exe and LDAV.EXE.

    Product Activation

     

    How to troubleshoot LANDESK Antivirus license issues

     

    Directories

    • C:\ProgramData\LANDESKAV - Main directory for LANDESK Antivirus log files
    • C:\ProgramData\Kaspersky Lab - Directory for Kaspersky trace files
    • C:\Program Files\landesk\ldclient\antivirus - Main directory for LANDESK Antivirus service
    • C:\Program Files\landesk\ldclient\antivirus\install - Used to install LANDESK Antivirus and rebrand Kaspersky Endpoint Security
    • C:\Program Files\landesk\ldclient\antivirus\temp_bases8 - Used to update pattern files
    • C:\Program Files\landesk\ldclient\antivirus\kav - Kaspersky Endpoint Security files
    • C:\ProgramData\Kaspersky Lab\KES10\Bases - Pattern files directory for Kaspersky Endpoint Security 8.
    • C:\Program Files\LANDESK\LDClient\Antivirus\KAV\Patches - Directory where Kaspersky patches are stored.  Look here to see if patches have been downloaded.

     

    Files

     

    Filename | Purpose | Location
    LDAV.exe | LANDESK Antivirus Service | LDClient\Antivirus
    LDAV.key | License file for LANDESK Antivirus | LDClient\Antivirus

     

    Registry Keys

     

    Key Name | Purpose
    HKLM\Software\KasperskyLab | Kaspersky Antivirus Settings
    HKLM\Software\LANDESK\ManagementSuite\WinClient\Antivirus | Configuration Information, Last Scan Dates, Status Information
    HKLM\Software\LANDESK\ManagementSuite\WinClient\Antivirus\License | License details
    HKLM\Software\LANDESK\ManagementSuite\WinClient\Vulscan\klbehavior | Current assigned LANDESK Antivirus settings
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\976DD27DCE3AFCF4FAFA212E5542056B\Patches | Currently installed patches

     

    Settings

     

    The LANDESK Antivirus scanner, as with the LANDESK Security vulnerability scanner, uses an XML file to configure its behavior.


    Antivirus Settings files are stored in C:\ProgramData\Vulscan\KLBehavior_<id>.xml

     

    The following registry key value indicates the ID of the AV behavior being used:

     

    • Key: HKLM\Software\LANDESK\ManagementSuite\WinClient\Vulscan
    • DWORD Value: KLBehavior


    Antivirus Settings XML files can be updated using a Scheduled Task on the core, or they can be updated automatically according to the same schedule that vulscan uses to update its own Agent Behaviors.  To refresh settings, create a Change Settings task on the Core Server: select the "Create a Task" dropdown in Patch Manager, select "Change Settings" and then create a schedule.  Alternatively, "vulscan /changesettings" can be run from the client command line.  (Add /showui to the command to view the UI while it is running)

     

    Settings that cannot be configured through LANDESK Management Suite

     

    Currently, not all settings available within the client-side LANDESK Antivirus GUI (Kaspersky Endpoint Security 10) can be configured using LANDESK Management Suite.  To use settings that are not available within the LANDESK Antivirus Settings in the LANDESK Management Suite Console, follow the steps outlined in this document:

    How to import Kaspersky Agent settings to the LDMS Agent settings on the Core

     

     

    Tasks

    Scheduled tasks for Update, Full Scan, and Critical Areas scan are created via LANDESK Local Scheduled Tasks.  It will not create a task within LANDESK Antivirus.  As a result, the tasks within the Client UI will show "Manually".

    Manually.png

    To view the LANDESK Local Scheduled tasks from the LDCLIENT directory run LocalSch.exe /tasks | more 
    Schedule.png

    Task 7 runs LDAV.EXE /UPDATE /update - Antivirus pattern file updates (Recommended update frequency is daily, before the daily scan)

    Task 8 runs LDAV.EXE /UPDATE /AVScheduledScanType=0 - Critical Areas Scan (Recommended scan frequency is daily, after pattern files have been updated)

    Task 9 runs LDAV.EXE /UPDATE /AVScheduledScanType=1 - Full System Scan (Recommended scan frequency is weekly)

     

    Gathering logging information for LANDESK support

     

    Standard Log Files

     

    Windows XP/2003

    • C:\Documents and Settings\All Users\Application Data\LANDESKAV\*.log
    • C:\Documents and Settings\All Users\Application Data\vulscan\installav*.log
    • C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\*.log
    • C:\Windows\Temp\KL*.log

    Windows 7 and later

    • C:\ProgramData\LANDESKAV\*.log
    • C:\ProgramData\LANDESK\Log\*.log
    • C:\ProgramData\vulscan\installav*.log
    • C:\ProgramData\Kaspersky Lab\*.log
    • C:\Windows\Temp\KL*.log, %TEMP%\KL*.log,
    • C:\Windows\Temp\Ucaevents.log, %TEMP%\Ucaevents.log
    • C:\Documents and Settings\All Users\Application Data\LANDESKAV\*.log
    • C:\Documents and Settings\All Users\Application Data\vulscan\installav*.log


    Trace Log Files

     

    The following article contains detailed information for gathering trace log files: How to gather trace log files for LANDESK Antivirus

     

    GetSystemInfo Report


    The GetSystemInfo utility gathers detailed information about a computer, including hardware information, operating systems, drivers, installed software, etc.  This utility can be very useful for determining the cause of certain issues.

     

    GetSystemInfo Utility Download

     

    1. Extract the downloaded GetSystemInfo Utility .ZIP file
    2. Run GSI.EXE that you extracted from the .ZIP file
    3. Click the green "Play" button to start gathering the report.
    4. Wait until the utility has completely scanned the system.  (This may take quite some time)
    5. Click OK to confirm the creation of a report.

     

    A file will be created with the default name GetSystemInfo_<USER>_YYYY_MM_DD.zip.  Attach this report to your created case, or e-mail it to your LANDESK Support technician


    The GetSystemInfo report can then be reviewed and further analyzed by doing the following:

    1. Browse to http://www.getsysteminfo.com/
    2. From the GetSystemInfo web site click "Choose file" and then browse to the previously gathered GetSystemInfo log file and upload it to the site.

     

    Memory Dump

     

    In case of a blue screen, a memory dump will need to be gathered.

     

    Right-click "My computer" and choose "Properties"

    Go to the "Advanced" tab and then click "Settings" under "Startup and Recovery"

    Under the "System failure" section under "Write debugging information" click the drop-down and select "Complete memory dump"

    Make note of the path that the MEMORY.DMP file will be saved to.

    Duplicate the blue screen issue and then collect the MEMORY.DMP file and compress it in a .ZIP file.


    A complete memory dump must be supplied; a mini dump does not supply sufficient information.


    See Varieties of Kernel-Mode Dump Files (Windows Debuggers) for details about memory dump options.

    LANDESK Antivirus Incompatible Software


    Description

     

    When installing any security software it is important to ensure compatibility between other security products that may be installed on the system. This document provides details on how to determine if there are known compatibility issues before deploying LANDESK Antivirus.

     

    Incompatible Products

     

    To see a list of products that are incompatible with the version of your core server you can review the incompatible.txt file found in the %LDMS_HOME%\ldlogon\avclient\install\setup.


    LANDESK Antivirus is based on Kaspersky Endpoint Security 10.


    A full list of incompatible products is available here: List of applications incompatible with Kaspersky Endpoint Security 10 for Windows



    Log Detection of Incompatible Products

     

    If the install of LANDESK Antivirus finds incompatible software, it will be logged in the kl-setup-{date}.log file from the %temp% directory.

    3768:0e9c 09:20:18.772 *** DetectFilter: found alien softaware Symantec LiveUpdate ***

    3768:0e9c 09:20:18.808 *** Cleaner: EnumCompetitorSoftware type 1. Following software should be removed before installation might be continued 'Symantec LiveUpdate'. Error code: 1. ***
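When kl-setup logs are collected from many clients, the two line types above can be extracted to show which products were detected and which ones stopped the install, per host. This is an added example, not part of the original article or of the installer: it recognises only the two message formats quoted above, and the host names, the second product name and the function names are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: kl-setup log text per host, in the line format shown above.
SAMPLE_LOGS = {
    "HOST-A": """\
3768:0e9c 09:20:18.772 *** DetectFilter: found alien softaware Symantec LiveUpdate ***
3768:0e9c 09:20:18.808 *** Cleaner: EnumCompetitorSoftware type 1. Following software should be removed before installation might be continued 'Symantec LiveUpdate'. Error code: 1. ***
""",
    "HOST-B": """\
1a2c:0b10 14:02:41.115 *** DetectFilter: found alien softaware Example AV Suite ***
""",
}

# "<pid>:<tid> hh:mm:ss.mmm *** <message> ***"
EVENT = re.compile(
    r"^\s*[0-9a-fA-F]+:[0-9a-fA-F]+ (?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\*\*\* (?P<msg>.+?) \*\*\*\s*$"
)
# The spelling "softaware" is what the installer writes, so it is matched as-is.
DETECTED = re.compile(r"^DetectFilter: found alien softaware (?P<product>.+)$")
BLOCKING = re.compile(
    r"^Cleaner: EnumCompetitorSoftware type \d+\. Following software should be "
    r"removed before installation might be continued '(?P<product>[^']+)'\. "
    r"Error code: (?P<code>\d+)\.$"
)


def parse_setup_log(text):
    """Return detection and blocking events found in one kl-setup log."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        msg = m.group("msg")
        hit = DETECTED.match(msg)
        if hit:
            events.append({"time": m.group("time"), "kind": "detected",
                           "product": hit.group("product"), "error_code": None})
            continue
        hit = BLOCKING.match(msg)
        if hit:
            events.append({"time": m.group("time"), "kind": "blocking",
                           "product": hit.group("product"),
                           "error_code": int(hit.group("code"))})
    return events


def fleet_report(logs_by_host):
    """Map each product to the hosts where it was detected and where it blocked setup."""
    report = defaultdict(lambda: {"detected_on": set(), "blocking_on": set()})
    for host, text in logs_by_host.items():
        for event in parse_setup_log(text):
            report[event["product"]][event["kind"] + "_on"].add(host)
    return {product: {key: sorted(hosts) for key, hosts in entry.items()}
            for product, entry in sorted(report.items())}


if __name__ == "__main__":
    for product, entry in fleet_report(SAMPLE_LOGS).items():
        print(product, entry)
```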


    Incompatible Products removed during LANDESK Antivirus install


    When performing an install of LDAV, a preliminary check of incompatible software/products will occur as outlined above. If possible, these products will be uninstalled. In some circumstances, the application may not be able to be removed by the LDAV installation. If this occurs, the 3rd party software will need to be removed by other means. Below is a list of products that the LDAV install will attempt to remove:


    • Acer LANScope Agent 2.2.25.84 x64
    • Acer LANScope Agent 2.2.25.84
    • Ad-Aware 9.6.0
    • Adaptive Security Analyzer 2.0
    • AEC TrustPort Antivirus 2.8.0.2237
    • AEC TrustPort Personal Firewall 4.0.0.1305
    • AhnLab V3 Internet Security 8.0
    • AhnLab V3 Internet Security 8.0 x64
    • AhnLab SpyZero 2007 and SmartUpdate
    • AhnLab V3 Internet Security 7.0 Platinum Enterprise x64
    • AhnLab V3 Internet Security 7.0 Platinum Enterprise
    • Alyac Antivirus x64
    • Alyac Antivirus
    • Avira AntiVir PersonalEdition Classic 7 - 8
    • ArcaVir Antivir/Internet Security 09.03.3201.9
    • ArcaVir Antivir/Internet Security 09.03.3201.9 x64
    • Ashampoo Anti-Malware 1.11
    • Ashampoo AntiSpyware 2 v 2.05
    • Ashampoo AntiVirus
    • AtGuard 3.2
    • Authentium Command Anti-Malware v 5.0.9
    • Authentium Command Anti-Malware v 5.1.0
    • Authentium Command Anti-Malware v 5.0.5
    • Authentium Safe Central 3.0.2.3236.3236
    • ALWIL Software Avast 4.7
    • AVG 2011
    • AVG 2011 x64
    • AVG 2012.0.1913 x64
    • AVG 2012.0.1913 x86
    • AVG 2012 Free 2012.0.1901 x64
    • AVG 2012 Free 2012.0.1901
    • AVG 2012 x64
    • AVG 2012 x86
    • Grisoft AVG 8.5 Free
    • Grisoft AVG 8.5 Free 64-bit
    • Grisoft AVG 8.5
    • Grisoft AVG 8.5 64-bit
    • Grisoft AVG 8.x
    • Grisoft AVG LinkScanner 8.5
    • Grisoft AVG LinkScanner 8.5 x64
    • Grisoft AVG 8.x x64
    • AVG 9.0
    • AVG 9.0 x64
    • AVG AntiVirus/Internet Security 2011
    • AVG Anti-Virus Business Edition x64
    • AVG Anti-Virus Business Edition 2012
    • AVG Anti-Virus 2013 13.0.2793 x64
    • AVG Anti-Virus 2013 13.0.2793 x86
    • AVG Free 9.0
    • AVG Free 9.0 x64
    • AVG Anti-Virus FREE 2013 13.0.0.2654 x64
    • AVG Anti-Virus FREE 2013 13.0.0.2654 x86
    • Grisoft AVG 7.x
    • AVG Identity Protection 8.5
    • Avira Free Antivirus 13.0.0.2693 / Avira Antivirus Premium 13.0.0.2693
    • Avira Free Antivirus 12.0.0.207
    • Avira AntiVir Personal - Free Antivirus 10.0.0.565
    • Avira AntiVir Personal - Free Antivirus 10.0.0.567
    • Avira AntiVir Professional 10.2.0.700
    • Avira AntiVir Personal - Free Antivirus 10.2.0.703
    • Avira AntiVir Personal - Free Antivirus 10.2.0.83
    • Avira AntiVir Personal - Free Antivirus 10.2.0.98
    • Avira AntiVir Personal - Free Antivirus 10.00.00.36
    • Avira AntiVir Personal - Free Antivirus 12.0.0.1125
    • Avira AntiVir Personal - Free Antivirus 12.0.0.1167
    • Avira AntiVir Personal - Free Antivirus 12.0.0.144
    • Avira AntiVir Personal - Free Antivirus 12.0.0.254 / Avira Professional Security 12.0.0.254
    • Avira Free Antivirus 12.0.0.323
    • Avira AntiVir Personal - Free Antivirus 12.0.0.861
    • Avira AntiVir Personal - Free Antivirus 8.0 - 10.0 \ Avira Professional Security 12
    • Avira Antivirus Premium 2012 - 2013
    • Avira AntiVir Premium / Avira Premium Security Suite 2010
    • Avira Internet Security 2012 - 2013
    • Avira AntiVir PersonalEdition Premium 7.06
    • Avira AntiVir Professional 10
    • Avira AntiVir Professional 10.2
    • Avira AntiVir Server 10.0.0.1824
    • Avira AntiVir Server/Desktop 12.0.0.1236
    • Avira Endpoint Security 2.6
    • Avira Free Antivirus 12.0.0.125
    • Avira Professional Security 12.1.9.1577
    • Avira AntiVir Premium
    • Avira Premium Security Suite
    • Avira Premium Security Suite x64
    • Avira Professional Security 12.1.9.1580
    • Avira Professional Security 12.0.0.101 Turkish
    • Avira Professional Security 12.0.0.131 Brazil
    • Avira Professional Security 12.0.0.1506 German
    • Avira Professional Security 12.0.0.163 French
    • Avira Professional Security 12.0.0.186 Italian
    • Avira Professional Security 12.0.0.208 Spanish
    • Avira Professional Security 12.0.0.97 Dutch
    • Avira Server Security (generic)
    • Avira Management Console Agent \ Avira Professional Security Management agent (x64)
    • Avira Management Console Agent \ Avira Professional Security Management agent (x86)
    • Kaspersky AntiViral Toolkit Pro
    • Kaspersky AntiViral Toolkit Pro (Silent uninstall)
    • Kaspersky Anti-Virus driver AVPG (9x)
    • Kaspersky Anti-Virus driver AVPG
    • Virus Removal Tool Driver x64
    • Virus Removal Tool Driver
    • BitDefender Antivirus Plus 10.247
    • BitDefender Antivirus 2008
    • BitDefender Antivirus 2009 12.0.10
    • BitDefender 2009 12.0.11.5
    • BitDefender Client Professional Plus 8.0.2
    • BitDefender DeploymentTool Agent 3.5.2.242
    • BitDefender Antivirus Plus 10
    • BitDefender 2011 14.0.29 x64
    • BitDefender 2011 14.0.29 x86
    • Bitdefender 2012 15.0.36
    • BitDefender Standard Edition 7.2 (Fr)
    • Bit Defender Professional Edition 7.2 (Fr)
    • BitDefender 8 Professional Plus
    • BitDefender 8 Professional (Fr)
    • BitDefender 8 Standard
    • BitDefender 8 Standard (Fr)
    • BitDefender 9 Professional Plus
    • BitDefender 9 Standard
    • BitDefender Business Client 11.0.20
    • BitDefender Business Client 11.0.22
    • BitDefender Business Client 3.5.1.0/3.5.2.153
    • BitDefender Business Client 11
    • BitDefender for FileServers 2.1.11
    • BitDefender Free Edition 2009 12.0.12.0
    • BitDefender Total Security 2008 11.0.14
    • BitDefender Internet Security 2009
    • BitDefender Internet Security 2010
    • BitDefender Internet Security 2011 14.0.28 x64
    • BitDefender Internet Security 2011 14.0.28 x86
    • BitDefender Management Agent 3.1.8
    • BitDefender Management Agent 3.1.9
    • BitDefender Management Agent 3
    • BitDefender Security for Windows Servers 3.5.17
    • BitDefender Internet Security 2008
    • BitDefender Internet Security v10.108
    • BitDefender Internet Security 2009 12.0.8
    • BitDefender 2009 Internet Security 12.0.11.5
    • BitDefender Management Agent 3.0.5
    • BitDefender Total Security 2008
    • BitDefender 2009 Total Security 12.0.11.5
    • BitDefender 2010 Total Security 13.0.21
    • CA AntiVirus 2008
    • CA Anti-Virus Plus 7
    • CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1
    • CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1 x64
    • CA eTrust AntiVirus 7
    • CA eTrust Antivirus 7.1.0194
    • eTrust AntiVirus 7.1.194
    • CA eTrust AntiVirus 7.1
    • CA eTrust AntiVirus 7.1.0192
    • CA eTrustITM 8.1.637
    • CA eTrustITM 8.1
    • CA eTrustITM 8.1.637 for Windows 2003
    • CA eTrustITM 8.1.637 for Windows 2003 (x64)
    • CA eTrustITM 8.1.00
    • CA eTrustITM Agent 8.0.403
    • CA eTrust ITM 8.1 and iGateWay 4.2.0.2
    • CA eTrust Pestpatrol 5.0
    • CA HIPS Managed Client 1.0
    • CA eTrust InoculateIT 6.0
    • CA eTrust Suite Personal 2008
    • CA Licensing 1.57.1
    • CA PC Security Suite 6.0 \ Private PC Security Suite 6.0
    • CA PC Security Suite 6.0.00
    • CA Total Defense R12 Client 12.0.831
    • CA Total Defense R12 Client 12.0.831 x64
    • CA Total Defense R12 Client
    • CA Total Defense R12 Client x64
    • CA Total Defense for Business v14
    • CA Total Defense for Business v14 x64
    • CheckPoint VPN client 75.10
    • CheckPoint VPN client R75
    • Cipafilter Client Tools 0.952
    • ClamWin Free Antivirus x64
    • ClamWin Free Antivirus
    • Authentium Command AV 4.90.x / 4.92.x
    • Command AntiVirus for Windows Enterprise 4.94.5
    • Command AntiVirus for Windows 4.94.5
    • Authentium Command AV 4.94.9
    • Command AntiVirus for Windows Enterprise 4.95.2
    • Command AntiVirus for Windows 4
    • Command Anti-Malware for Enterprise 5.1.12
    • Comodo AntiSpam 2.6.0.0
    • Comodo AntiSpam 2.6.0.0 x64
    • Comodo AntiSpam 2.7.0.11
    • Comodo BOClean 4.25
    • COMODO Firewall Pro 1.0 - 3.x
    • Comodo Internet Security 3
    • Comodo Internet Security 4.0.4167.742/4.0.10770.828
    • Comodo Internet Security 5.9
    • Comodo Internet Security 5.0
    • Password Manager XP 3
    • CyberDefender Early Detection Center 5
    • DrWeb for Windows 4.30
    • Dr.Web Enterprise Server 6.00
    • Dr.Web Enterprise Server 6.00 (x64)
    • Dr.Web CommuniGate Plugin 4.33
    • Dr.Web Enterprise Server 6.00.11300
    • Dr.Web Enterprise Agent
    • DrWeb Enterprise Client ver 5,6
    • DrWeb Enterprise Client ver 5,6 x64
    • Dr.Web Enterprise Server (x64). 6.01.09160
    • Dr.Web AntiVirus for Windows Servers 4.33
    • PeoplePC Internet Security 1.5
    • PeoplePC Internet Security Pack / EarthLink Protection Center
    • eScan Corporate 2.0.016.1
    • Emsisoft Anti-Malware 5.1
    • eScan Anti-Virus (AV) for Windows 9.0
    • eScan Anti-Virus for SMB 10.0.962.356 DB
    • eScan Anti-Virus Edition 10.0.962.356 DB
    • eScan Corporate 10.0.962.356 DB
    • eScan Internet Security Suite 9.0 for Windows
    • eScan IIS for SMB 10.0.997.491 DB
    • eScan Virus Control (VC) Edition for Windows
    • ESET NOD32 Antivirus 3.0.669 EN
    • ESET NOD32 Antivirus 3.0.669 Turkey
    • ESET NOD32 Antivirus 3.0.684 x64
    • ESET NOD32 Antivirus 3.0.684
    • ESET NOD32 3.x & 4.x & 5.x generic script
    • ESET NOD32 3.x & 4.x & 5.x generic script (x64)
    • ESET Smart Security 4.0.417 x64
    • ESET Smart Security 4.0.437 x64
    • ESET NOD32 Antivirus 4.0.441
    • ESET NOD32 4.0.467,4.0.627
    • ESET NOD32 Antivirus 4.0.467 Rus
    • ESET NOD32 4.0.468 EN
    • ESET NOD32 Antivirus 4.0.474
    • ESET NOD32 Antivirus 4.0.474 PL
    • ESET NOD32 Antivirus 4.0.474 Spanish
    • ESET NOD32 Antivirus 4.0.474 x64
    • ESET NOD32 4.2.71.2 fr
    • ESET NOD32 4.2.71.2 fr x64
    • ESET NOD32 Antivirus 3.0.684.0 RUS
    • ESET Antivirus 3.0.672.0 Spanish
    • ESET Antivirus 3.650 x64 German
    • ESET Antivirus 3.650 x64
    • ESET Antivirus 3.650 x64 Rus
    • ESET Endpoint Antivirus 5.0.2122.10
    • Eset Endpoint Antivirus 5.0.2126.0 x64
    • Eset Endpoint Antivirus 5.0.2126.3 x64 IT
    • Eset Endpoint Antivirus 5.0.2126.0 x86
    • Eset Endpoint Antivirus 5.0.2126.3 x86 IT
    • ESET Smart Security 4.2.40.10 x64
    • ESET NOD32 Antivirus 4.0.424.0 RUS
    • ESET NOD32 Antivirus 4.0.474.0
    • ESET NOD32 Antivirus 4.0.314 Russian
    • ESET NOD32 Antivirus 4.0.314 x64 Spanish
    • ESET NOD32 Antivirus 4.0.314.0
    • ESET NOD32 Antivirus 4.0.314.0 x64
    • ESET Smart Security 4.0.424.0 x64 Spanish
    • ESET Smart Security 4.0.314.0
    • ESET Smart Security 4.0.314.0 x64
    • Eset NOD32 Antivirus 3.0.669.0 china
    • ESET NOD32 Antivirus 3.0.672.0 RU
    • ESET Antivirus 3.0.642.0 eng
    • ESET NOD32 Antivirus 3.0.551.0
    • ESET NOD32 Antivirus 3.0.563.0
    • ESET NOD32 Antivirus 3.0.621
    • ESET Antivirus 3.642 German
    • ESET NOD32 Antivirus 3.0.645 Spanish
    • ESET Antivirus 3.650
    • ESET Antivirus 3.650 Rus
    • ESET NOD32 Antivirus 3.0.644.0 Traditional Chinese
    • ESET NOD32 Antivirus 3.0.667.0
    • ESET NOD32 Antivirus 3.0.669.0 Traditional Chinese
    • ESET NOD32 Antivirus 3.0.669.0 French
    • ESET NOD32 Antivirus 3.0.669 Spanish
    • ESET NOD32 Antivirus Brazilian 3.0.672
    • ESET Antivirus 3.0.672.0 English
    • ESET NOD32 Antivirus 3.0.672.0 FRA
    • ESET NOD32 Antivirus 3.0.684.0
    • ESET NOD32 Antivirus 3.0.695.0 Traditional Chinese
    • ESET NOD32 Antivirus 3.0.695
    • ESET NOD32 Antivirus 3.0.695 Spanish
    • ESET NOD32 Antivirus 3.0.695 x64 Spanish
    • Eset NOD32 Antivirus 4.0.474.0 x64 german
    • Eset NOD32 Antivirus 4.0.474.0 x86 german
    • ESET NOD32 Antivirus 4.2.35
    • ESET NOD32 Antivirus 4.2.35 x64
    • ESET NOD32 Antivirus 4.2.40.10 Brazil
    • ESET NOD32 Antivirus 4.2.40.10 Business Edition x86
    • ESET NOD32 Antivirus 4.2.40.10 FRA
    • ESET NOD32 Antivirus 4.2.40.10 FRA x64
    • ESET NOD32 Antivirus 4.2.40 Spanish
    • ESET NOD32 Antivirus 4.2.40.10 x64 Brazil
    • ESET NOD32 Antivirus 4.2.40.10 x64 Spanish
    • ESET NOD32 Antivirus 4.2.40
    • ESET NOD32 Antivirus 4.2.40 x64
    • ESET NOD32 Antivirus 4.2.42.0 x64
    • ESET NOD32 Antivirus 4.2.42.0
    • ESET NOD32 Antivirus 4.2.58
    • ESET NOD32 Antivirus 4.2.64
    • ESET NOD32 Antivirus 4.2.64 x64
    • ESET NOD32 Antivirus 4.2.64 x64 Spanish
    • ESET NOD32 Antivirus 4.2.67.10 Traditional Chinese
    • ESET NOD32 Antivirus 4.2.67.10 Traditional Chinese (x64)
    • ESET NOD32 Antivirus 4.2.67.10 x32 English
    • ESET NOD32 Antivirus 4.2.67.10 x64 English
    • ESET NOD32 Antivirus 4.2.67 Spanish
    • ESET NOD32 Antivirus 4.2.67 x64 Spanish
    • ESET NOD32 Antivirus 4.2.71.2 Traditional Chinese
    • ESET NOD32 Antivirus 4.2.71.2 Traditional Chinese (x64)
    • ESET NOD32 Antivirus 4.2.71.2
    • ESET NOD32 Antivirus 4.2.71.2 x64
    • ESET NOD32 Antivirus 4.2.71.3 x86
    • ESET NOD32 Antivirus 4.2.71.3 x64 ita
    • ESET NOD32 Antivirus 4.2.71.3 x64
    • ESET NOD32 Antivirus 4.2.71
    • ESET NOD32 Antivirus 4.2.71 Spanish
    • ESET NOD32 Antivirus 4.2.71 x64
    • ESET NOD32 Antivirus 4.2.71 x64 Spanish
    • ESET NOD32 Antivirus 4.2.76.1 Ru
    • ESET NOD32 Antivirus 4.2.76.1 Rus
    • ESET NOD32 Antivirus 4.2.76 Spanish
    • ESET NOD32 Antivirus 4.2.76 x64 Spanish
    • ESET NOD32 Antivirus 4.0.314 Spanish
    • ESET NOD32 Antivirus 4.2.64 Spanish
    • ESET NOD32 Antivirus 4.0.417.0 FRA
    • ESET NOD32 Antivirus 4.0.417 Spanish
    • ESET NOD32 Antivirus 4.0.417
    • ESET NOD32 Antivirus 4.0.424.0 Spanish
    • ESET NOD32 Antivirus 4.0.424.0 x64 Spanish
    • ESET NOD32 Antivirus 4.0.437.0
    • ESET NOD32 Antivirus 4.0.437 Spanish
    • ESET NOD32 Antivirus 4.0.467.0 Traditional Chinese
    • ESET NOD32 Antivirus 4.0.467.0 Traditional Chinese (x64)
    • ESET NOD32 Antivirus 4.0.467 Spanish
    • ESET NOD32 Antivirus 4.0.467 x64 Spanish
    • ESET NOD32 Antivirus 4.0.474.10 Traditional Chinese
    • ESET NOD32 Antivirus 4.0.474.10 Traditional Chinese (x64)
    • Eset NOD32 Antivirus 5.2.9.12 x64 german
    • Eset NOD32 Antivirus 5.2.9.12 x64 spanish
    • Eset NOD32 Antivirus 5.2.9.12 x64 french
    • Eset NOD32 Antivirus 5.2.9.12 x86 german
    • Eset NOD32 Antivirus 5.2.9.12 x86 spanish
    • Eset NOD32 Antivirus 5.2.9.12 x86 french
    • Eset NOD32 Antivirus 5.2.9.12 x86 IT
    • Eset NOD32 Antivirus 5.2.9.1 x64
    • Eset NOD32 Antivirus 5.2.9.1 x86
    • Eset NOD32 Antivirus 6.0.306.2 x64 russian
    • Eset NOD32 Antivirus 6.0.306.2 x86 russian
    • ESET NOD32 Antivirus Business Edition 3.0.650.0 Spanish
    • ESET NOD32 Antivirus Business Edition 4.0.424.0
    • Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x64
    • Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x32
    • ESET Remote Administrator Console 2.0.29
    • ESET Remote Administrator Console 3.0.105
    • ESET Remote Administrator Server 3.0.105
    • ESET Smart Security 3.0.645 Spanish
    • ESET Smart Security German
    • ESET Smart Security
    • ESET Smart Security Rus
    • ESET Smart Security 3.0.667 Spanish
    • ESET Smart Security 3.0.672 English
    • ESET Smart Security 3.0.672.0 Spanish
    • ESET Smart Security 3.0.695 Spanish
    • ESET Smart Security 3.0.695 x64 Spanish
    • ESET Smart Security 4.0.437.0 PL
    • ESET Smart Security 4.2.22.0 x64
    • ESET Smart Security 4.2.40
    • ESET Smart Security 4.2.64
    • ESET Smart Security 4.2.64 Spanish
    • ESET Smart Security 4.2.64 x64
    • Eset Smart Security 4.2.71.2 x64 german
    • Eset Smart Security 4.2.71.2 x86 german
    • ESET Smart Security 4.2.71
    • ESET Smart Security 4.2.71 Spanish
    • ESET Smart Security 4.2.71 x64
    • ESET Smart Security 4.2.71 x64 Spanish
    • ESET Smart Security 4.2.76.0 x64
    • ESET Smart Security 4.2.76.0
    • ESET Smart Security 4.2.76.1
    • ESET Smart Security 4.2.76.1 x64
    • ESET Smart Security 4.2.76 Spanish
    • ESET Smart Security 4.0.314.0 PL
    • ESET Smart Security 4.0.314.0 Spanish
    • ESET Smart Security 4.0.417.0 Spanish
    • ESET Smart Security 4.0.424.0 PL
    • ESET Smart Security 4.0.424.0 Spanish
    • ESET Smart Security 4.0.437.0 Spanish
    • ESET Smart Security 4.0.467.0
    • ESET Smart Security 4.0.467 Spanish
    • ESET Smart Security 4.0.474 Spanish
    • ESET Smart Security 4.0.417.0 Fr
    • ESET Smart Security 4.0.437.0 Fr
    • ESET Smart Security 4.0.424.0 Fr
    • Eset Smart Security 5.0.95.0 x64 turkish
    • Eset Smart Security 5.0.95.0 x86 turkish
    • Eset Smart Security 5.0.95 x64 german
    • Eset Smart Security 5.0.95 x86 german
    • Eset Smart Security 5.2.15.0 x64
    • Eset Smart Security 5.2.15.0 x86
    • Eset Smart Security 5.2.15.1 x64 german
    • Eset Smart Security 5.2.15.1 x64 spanish
    • Eset Smart Security 5.2.15.1 x64 french
    • Eset Smart Security 5.2.15.1 x64 russian
    • Eset Smart Security 5.2.15.1 x86 german
    • Eset Smart Security 5.2.15.1 x86 spanish
    • Eset Smart Security 5.2.15.1 x86 french
    • Eset Smart Security 5.2.15.1 x86 russian
    • Eset Smart Security 5.0.9.12 x64 german
    • Eset Smart Security 5.0.9.12 x64 spanish
    • Eset Smart Security 5.0.9.12 x64 french
    • Eset Smart Security 5.0.9.12 x86 german
    • Eset Smart Security 5.0.9.12 x86 spanish
    • Eset Smart Security 5.0.9.12 x86 french
    • Eset Smart Security 5.2.9.12 x86 turkish
    • Eset Smart Security 5.0.9.1 x64
    • Eset Smart Security 5.0.9.1 x86
    • Eset Smart Security 6.0.306.2 x64 russian
    • Eset Smart Security 6.0.306.2 x86 russian
    • ESET Smart Security x64 Ger
    • ESET Smart Security x64
    • ESET Smart Security x64 Rus
    • eTrust EZ Antivirus 6.1
    • eTrust EZ Firewall 6.1.7.0
    • CA eTrust Anti-Virus 7.1.0194
    • eTrust Anti-Spam 2005
    • eTrust EZ Antivirus 2005-2008
    • eTrust Personal Firewall 5.5.114
    • eEye Digital Security Blink 4
    • Trust EZ Firewall 5.1.039
    • Filseclab Personal Firewall
    • Microsoft Forefront Client Security Antimalware Service 1.5.1973
    • Microsoft Forefront Client Security Antimalware Service 1.5.1981.0
    • Microsoft Forefront Client Security Antimalware Service 1.5.1941
    • FortiClient 3
    • FortiClient 4.0.4.0061
    • FortiClient 4.0.4.0061 x64
    • FortiClient Endpoint Security 4
    • F-PROT Antivirus 6.0.9.1
    • F-PROT Antivirus 6.0.9.1 x64
    • F-PROT Antivirus for Windows 6
    • F-PROT Antivirus for Windows 6.0.7.1
    • F-Prot for Windows 3.14
    • F-Secure antivirus for workstation 9.10
    • F-Secure antivirus for workstation 9.20
    • F-Secure Client Security - Virus & Spy Protection
    • F-Secure Client Security 8.01
    • F-Secure Client Security 9.01
    • F-Secure Client Security 9.10
    • F-Secure Client Security 9.11
    • F-Secure Client Security 9.20
    • F-Secure Client Security 9.30
    • F-Secure Client Security 9.31
    • F-Secure Client Security 9.32
    • F-Secure Client Security 9.00/2010/2011
    • F-Secure Internet Security 2012
    • F-Secure Anti-Virus 2006
    • F-Secure Anti-Virus/Internet Security 2008
    • F-Secure Anti-Virus/Internet Security 2009
    • F-Secure Anti-Virus 5-6
    • F-Secure Client Security 7.11
    • F-Secure Anti-Virus for Workstations 9.0 + DeepGuard
    • F-Secure Anti-Virus for Workstations 9.0
    • F-Secure Anti-Virus for Workstations - Virus & Spy Protection 2009
    • F-Secure Anti-Virus / STREAM Antivirus 9.20 / F-Secure Antivirus for workstation 9.01
    • F-Secure Anti-Virus for Windows Servers 7.20
    • F-Secure Anti-Virus for Windows Servers 7.01
    • F-Secure Anti-Virus for Windows Servers 8.00 build 123
    • G DATA AntiVirus 19.0.0.53
    • G DATA AntiVirus 2010
    • G DATA AntiVirus 2012
    • G DATA AntiVirus Client
    • G DATA InternetSecurity 2008
    • G DATA AntiVirusKit 2005
    • G DATA Internet Security 19.0.0.53
    • G DATA InternetSecurity 2010
    • G DATA InternetSecurity 2011
    • G DATA Total Care 19.0.0.53
    • G DATA TotalCare 2010
    • VIPRE Antivirus
    • VIPRE Internet Security
    • Zone Labs IMsecure 1.5.0.39
    • Integrity Flex 5
    • Iolo Personal Firewall 1.5.2
    • IObit Malware Fighter
    • IObit Security 360
    • InfoWatch CryptoStorage (2.1.36)
    • K7AntiVirus 7.0
    • K7TotalSecurity 9.5
    • K7TotalSecurity 10
    • Kaspersky Anti-Hacker 1.0-1.5
    • Kaspersky Anti-Hacker 1.0-1.5 (Silent uninstall)
    • Kaspersky Anti-Hacker 1.7-1.9
    • Kaspersky Anti-Hacker 1.7-1.9 (Silent uninstall)
    • Kaspersky Anti-Virus 4.x
    • Kaspersky Anti-Virus 4.x (Silent uninstall)
    • Kaspersky Anti-Spam Personal 1.1-1.2
    • Kaspersky Anti-Spam Personal 1.1-1.2 (Silent uninstall)
    • Kaspersky Anti-Spam Personal 1.0
    • Kaspersky Anti-Spam Personal 1.0 (Silent uninstall)
    • Kaspersky Anti-Virus 5.0 for Windows File Servers
    • Kaspersky Anti-Virus 5.0 for Windows File Servers (Silent uninstall)
    • Kaspersky Anti-Virus Lite 4.5
    • Kaspersky Anti-Virus Lite 4.5 (Silent uninstall)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712) (Silent uninstall)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20) (Silent uninstall)
    • Kaspersky Anti-Virus Personal 5.0
    • Kaspersky Anti-Virus Personal 5.0 (Silent uninstall)
    • Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225)
    • Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225) (Silent uninstall)
    • Kerio Personal Firewall 4.1.2
    • Kerio Personal Firewall 4.2.3
    • Kerio WinRoute Firewall 6.0
    • Kerio Personal Firewall 6.7.1
    • Kerio Personal Firewall 6.7.6
    • Kerio Personal Firewall 6.7.6 x64
    • Kerio Personal Firewall 2.1.5
    • Kaspersky Anti-Virus driver KL1
    • KLFLTDEV Upper Filter
    • Kaspersky Anti-Virus driver KLFLT
    • Kaspersky Anti-Virus driver KLICK (9x)
    • Kaspersky Anti-Virus driver KLICK
    • Kaspersky Anti-Virus driver KLIF
    • Kaspersky Anti-Virus driver KLIF detected by registry
    • Kaspersky Anti-Virus driver KLIN (9x)
    • Kaspersky Anti-Virus driver KLIN
    • Kaspersky Anti-Virus driver KLMC (9x)
    • Kaspersky Anti-Virus driver KLMC
    • Kaspersky Anti-Virus driver KLOP (9x)
    • Kaspersky Anti-Virus driver KLOP
    • Kaspersky Anti-Virus driver KLPF (9x)
    • Kaspersky Anti-Virus driver KLPF
    • Kaspersky Anti-Virus driver KLPID (9x)
    • Kaspersky Anti-Virus driver KLPID
    • LANDesk Antivirus 8
    • Lavasoft Personal Firewall x32
    • Lavasoft Personal Firewall x64
    • Lavasoft Personal Firewall 1.0
    • Lightspeed Systems Security Agent 6.0
    • Lightspeed Systems Security Agent 6.2.0
    • Lightspeed Security Agent 7.01.02
    • Lightspeed Security Agent 7.01.03
    • Lightspeed Security Agent 7.02.01
    • Lightspeed Security Agent 7.02.03
    • Lightspeed Security Agent 8.00.01
    • Lightspeed Security Agent (x64) 8.00.01
    • Lightspeed Security Agent 8.00.02
    • Lightspeed Security Agent 8.00.03
    • Lightspeed Security Agent 8.01.02
    • Lightspeed Security Agent 8.01.04
    • Lightspeed Security Agent 8.02.01
    • Lightspeed Security Agent 8.02.01 x64
    • Lightspeed Security Agent 8.02.02
    • Lightspeed Security Agent 8.02.02 x64
    • Lightspeed Security Agent 8.02.04
    • Lightspeed Security Agent 8.02.04 x64
    • Lightspeed Security Agent 8.02.05
    • Lightspeed Security Agent 7
    • Loaris Trojan Remover 1.2
    • Look 'n' Stop Firewall 2.06
    • AdAware 7-8
    • McAfee Agent 4.0
    • McAfee Agent 4.0.0.1496
    • McAfee Agent (generic)
    • McAfee Alert Manager 4.7.1
    • McAfee AntiSpyware Enterprise 8.5
    • McAfee Anti-Spyware Enterprise Module
    • McAfee Desktop Firewall 8.0 / 8.5
    • McAfee Firewall 4
    • McAfee Firewall Protection Service 5.2.0.603
    • McAfee Personal Firewall Plus 7
    • McAfee Host Intrusion Prevention 8.00.0202 x64
    • McAfee Host Intrusion Prevention 8.00.0202 x86
    • McAfee Firewall Protection Service 8.2.120
    • McAfee SiteAdvisor 2.x
    • McAfee Virus and Spyware Protection Service 5.2.2.121
    • McAfee Virus and Spyware Protection Service 5.2.2.104
    • McAfee Virus and Spyware Protection Service
    • McAfee Security Center 10.0.587
    • McAfee SiteAdvisor
    • McAfee SiteAdvisor Enterprise Plus 3.0.0.476
    • McAfee Site Advisor 3.0.163
    • McAfee Total Protection 10.5.178
    • McAfee Total Protection 11.0.623 build 12.0.129.0
    • McAfee Total Protection Service 4.9.2.358
    • McAfee VirusScan Enterprise 7.1.0
    • McAfee VirusScan Home Edition
    • McAfee VirusScan 4.5.1
    • McAfee VirusScan Enterprise 7.0 German
    • McAfee VirusScan Enterprise 7.0
    • McAfee VirusScan Enterprise 7.1 German
    • McAfee VirusScan Enterprise 7.1 French
    • McAfee VirusScan Enterprise 7.1
    • McAfee VirusScan Enterprise 8.0 German
    • McAfee VirusScan Enterprise 8.0
    • McAfee VirusScan Enterprise 8.0 italian
    • McAfee VirusScan Enterprise 8.0 Spanish
    • McAfee VirusScan Enterprise 8.5.0i
    • McAfee VirusScan 4.5.1 Simplified Chinese
    • McAfee VirusScan 4.5.1 Traditional Chinese
    • McAfee VirusScan 4.5.1 Dutch
    • McAfee VirusScan 4.5.1 French
    • McAfee VirusScan 4.5.1 German
    • McAfee VirusScan 4.5.1 Italian
    • McAfee VirusScan 4.5.1 Korean
    • McAfee VirusScan 4.5.1 Polish
    • McAfee VirusScan 4.5.1 Portuguese
    • McAfee VirusScan 4.5.1 Spanish
    • McAfee VirusScan 4.5.1 Swedish
    • McAfee VirusScan Enterprise 8.0i French
    • McAfee VirusScan Enterprise 8.0.0
    • McAfee Virus Scan Enterprise 8.0.0 Patch 10
    • McAfee VirusScan Enterprise 8.7.0i
    • McAfee VirusScan Enterprise 8.8.0
    • Microsoft Forefront Client Security Antimalware Service 1.5.1993
    • Microsoft Forefront Client Security Antimalware Service 1.5.1996
    • Microsoft Forefront Client Security Antimalware Service 1.5.19
    • Microsoft Forefront Client Security Antimalware Service 1.5
    • Microsoft Forefront Client Security State Assessment Service 1.0
    • Microsoft Forefront Server Security 10.0
    • Microsoft Security Client 2.1.1116.0
    • Microsoft Security Essentials 2-4
    • Microsoft Security Essentials 2-4 x64
    • Microsoft Security Essentials Prerelease 4.2.223
    • Microsoft Security Essentials (all versions)
    • Microsoft Security Essentials x64 (all versions)
    • Microsoft AntiSpyware
    • Microsoft System Center 2012 Endpoint Protection x64
    • Symantec Norton AntiVirus 2008
    • Norton AntiVirus Corporate Edition 7.6.0.0000
    • Symantec Norton AntiVirus 2004 Professional
    • Symantec Norton AntiVirus 2005
    • Symantec Norton Internet Security 2005/2006 (8.0.0.64)
    • Symantec Norton Internet Security 2007
    • Eset NOD32 for Windows 2.xx
    • Eset NOD32 for Windows 2.x
    • ESET NOD32 Antivirus rus 3.0.669.0
    • Norman Virus Control 5.9
    • Norman Endpoint Protection 9.0 x32
    • Norman Endpoint Protection 9.0 x64
    • Norman Endpoint Protection 7.20
    • Norman Endpoint Protection 8.10.0300 x64
    • Norman Personal Firewall 1.42
    • Norman Virus Control 5.8
    • Norman Virus Control 2008 5.99
    • Nortel Networks Contivity VPN Client 4.86
    • Symantec AntiVirus 10.0.2.2000
    • Symantec AntiVirus 10.0.6.600
    • Symantec AntiVirus 10.0.1000
    • Symantec AntiVirus 10.1.394
    • Symantec AntiVirus 10.1.5.5000
    • Symantec AntiVirus 10.1.6.6000
    • Symantec AntiVirus 10.1.8.8000
    • Symantec AntiVirus 10.0.359
    • Symantec AntiVirus 10.1.4.4000
    • Norton AntiVirus 5.02 for Windows NT Workstation
    • Norton AntiVirus Corporate Edition 7.5
    • Symantec AntiVirus Corporate Edition 8
    • Symantec AntiVirus Corporate Edition 9.0.4
    • Symantec AntiVirus Corporate Edition 9.0.6
    • Symantec AntiVirus Corporate Edition 9.0.0
    • Norton AntiVirus Corporate Edition 7.0
    • Symantec AntiVirus 10.2.0.276
    • Symantec AntiVirus 10.1.6.6000 for x64
    • Symantec AntiVirus 10.1.5000.5 for x64
    • nProtect Antivirus/Antispyware 2007
    • Agnitum Outpost Firewall 1.0
    • Agnitum Outpost Firewall 1.0 SDK
    • Agnitum Outpost Firewall Pro 2.1
    • Agnitum Outpost Firewall 2.5
    • Agnitum Outpost Firewall 2.x
    • Agnitum Outpost Network Security Client 3.5
    • Agnitum Outpost Antivirus Pro 6
    • Agnitum Outpost Antivirus Pro 6 x64
    • Agnitum Outpost Security Suite Pro 6.0 x64
    • Agnitum Outpost Security Suite Pro 6.0
    • Panda Antivirus 2007/2008 3.01.00
    • Panda AdminSecure 2007-2010
    • Panda Antivirus Pro 2009 - 2013
    • Panda Antivirus Pro 2009 - 2013 x64
    • Panda Cloud Antivirus 2.0.1
    • Panda Client Shield 4.01.10 / Panda Security for Desktops 4.03.10.0000
    • Panda Endpoint Agent 6.20.00.0000
    • Panda Endpoint Protection 5.50.00.0000 x64
    • Panda Endpoint Protection 5.50.00.0000 x86
    • Panda Endpoint Protection 06.20.11.0000 x64
    • Panda Endpoint Protection 06.20.11.0000 x86
    • Panda Global Protection 2012 v5.01.00
    • Panda Internet Security 2009 - 2013 / Panda IS 2012 for Netbooks
    • Panda Platinum Internet Security
    • Panda Security for File Servers 8
    • Panda Security for Desktops 4.50.22
    • Panda Security for Desktops 4.50
    • Panda Security for File Servers 8.50
    • Panda WebAdmin AntiVirus
    • PC-cillin AntiVirus 2002
    • PC Tools Firewall Plus 5.0
    • PC Tools Firewall Plus 3.0 for Windows
    • PC Tools Spyware Doctor 8.0 - 9.0 \ PC Tools Internet Security 8.0
    • Spam Monitor 3.0
    • PrivateFirewall 6-7
    • Quick Heal AntiVirus 2008
    • Quick Heal Total Security 2008
    • SafeGuard PrivateCrypto 2.31.1
    • StarForce SafenSec
    • Sophos AutoUpdate 2.x
    • Sophos Anti-Virus version 4.6.10
    • Sophos Antivirus 4.x
    • Sophos Antivirus 6.x/5.x
    • Sophos Anti-Virus 7.x
    • Sophos Endpoint Security and Control 9.X - 10.x \ Sophos Anti-Virus 10.0.10
    • Sophos Enterprise Console 3.0.0
    • Sophos Enterprise Console 4.5.0
    • Sophos Management Server 5.1 x86
    • Sophos NAC Application Server 3.5.305.0
    • Sophos NAC Application Server 3.5.305.0 x64
    • Agnitum Spam Terrier x64
    • Agnitum Spam Terrier
    • Spybot - Search & Destroy 1.3 & 1.4
    • Spybot - Search & Destroy 1.6.2
    • Sygate Personal Firewall 5
    • Steganos Internet Anonym Pro 7
    • Sunbelt iHate Spam for Outlook 5.3.4347.0
    • Sunbelt Personal Firewall 4.5
    • Sunbelt iHateSpam for Microsoft Outlook 5
    • Sunbelt iHate Spam 4.0.632
    • Sunbelt personal Firewall 4.6.1861
    • Sunbelt VIPRE 3.0
    • VIPRE Antivirus 4.0.3275
    • VIPRE Antivirus 4.0.3907 / VIPRE GFI Business Agent 5.0
    • VIPRE Antivirus 4.0.3248
    • Sunbelt VIPRE Antivirus and Antispyware 3.2.1881.2
    • SUPERAntiSpyware Free Edition 4.26.0.1002
    • Sygate Personal Firewall 5.5
    • Sygate Personal Firewall 5.0
    • Symantec AntiVirus 10.2.1000.1
    • Symantec AntiVirus 10.2.1000.1 for 64-bit
    • Symantec AntiVirus 10.2.2000.2
    • Symantec AntiVirus 10.2.298.0
    • Symantec AntiVirus 10.2.3.3000
    • Symantec AntiVirus 10.2.4000.4
    • Symantec AntiVirus 10.2.4000.4 x64
    • Symantec Antivirus 10.0.1000.1
    • Symantec AntiVirus 10.0.2000.2 german
    • Symantec Antivirus 10.1.7000.7 x64
    • Symantec Antivirus 10.1.7000.7 x86
    • Symantec Client Security 10.1.5000.5
    • Symantec Client Firewall 8.7.4.79 & Symantec AntiVirus 10.1.4.4000
    • Symantec.cloud - Cloud Agent
    • Symantec.cloud - Endpoint Protection - Desktop 20.1.0.24 x64
    • Symantec.cloud - Endpoint Protection - Desktop 20.1.0.24 x86
    • Symantec.cloud - Endpoint Protection - Server 12.1.1101.401
    • Symantec Client Security 10.1.7000.7
    • Symantec Client Security 10.1.8000.8
    • Symantec Client Security 10.1.9000.9
    • Symantec Client Security 10.1.9000.9 x64
    • Symantec Client Security 10.1.394.0
    • Symantec Client Security 9.0
    • Symantec Endpoint Protection 11.0.5002.333
    • Symantec Endpoint Protection 11.0.5002.333 x64
    • Symantec Endpoint Protection 11.0.6000.550
    • Symantec Endpoint Protection 11.0.6000.550 x64
    • Symantec Endpoint Protection 11.0.6005.562
    • Symantec Endpoint Protection 11.0.6005.562 x64
    • Symantec Endpoint Protection 11.0.6100.645
    • Symantec Endpoint Protection 11.0.6100.645 x64
    • Symantec Endpoint Protection 11.0.6200.754
    • Symantec Endpoint Protection 11.0.6200.754 x64
    • Symantec Endpoint Protection 11.0.6300.803
    • Symantec Endpoint Protection 11.0.6300.803 x64
    • Symantec Endpoint Protection 11.0.700.975
    • Symantec Endpoint Protection 11.0.700.975 x64
    • Symantec Endpoint Protection 11.0.7101.1056
    • Symantec Endpoint Protection 11.0.7101.1056 x64
    • Symantec Endpoint Protection 11.0.7200.1147 x86
    • Symantec Endpoint Protection 11.0.7200.1147 x64
    • Symantec Endpoint Protection 11.0.2000.1567
    • Symantec Endpoint Protection 11.0.3
    • Symantec Endpoint Protection 11.0.3 x64
    • Symantec Endpoint Protection 11.0.4000.2295
    • Symantec Endpoint Protection x64 11.0.4000.2295
    • Symantec Endpoint Protection 11.0.4010
    • Symantec Endpoint Protection 11.0.4014.26
    • Symantec Endpoint Protection x64 11.0.4014.26
    • Symantec Endpoint Protection 11.0.4202.75
    • Symantec Endpoint Protection 11.0.4202.75 x64
    • Symantec Endpoint Protection 12.0.1001.95
    • Symantec Endpoint Protection 12.0.1001.95 x64
    • Symantec Endpoint Protection 12.0.122.192 Brazil
    • Symantec Endpoint Protection 12.0.122.192 x64 Brazil
    • Symantec Endpoint Protection 12.1.1000.157.105 x64 russian
    • Symantec Endpoint Protection 12.1.1000.157.105 x86 russian
    • Symantec Endpoint Protection 12.1.1000.157 RU / FR
    • Symantec Endpoint Protection 12.1.1000.157 x64 german
    • Symantec Endpoint Protection 12.1.1000.157 x64 FR
    • Symantec Endpoint Protection 12.1.1000.157 x64 IT
    • Symantec Endpoint Protection 12.1.1000.157 (x86) DE
    • Symantec Endpoint Protection 12.1.1000.157 x86 italy
    • Symantec Endpoint Protection 12.1.1000.157 Brazil
    • Symantec Endpoint Protection 12.1.1000.157 Brazil x64
    • Symantec Endpoint Protection 12.1.1000.157
    • Symantec Endpoint Protection 12.1.1000.157 x64
    • Symantec Endpoint Protection 12.1.1101.401 x64 spanish
    • Symantec Endpoint Protection 12.1.1101.401 x86 spanish
    • Symantec Endpoint Protection 12.1.1101.401 Eng
    • Symantec Endpoint Protection 12.1.1101.401 Rus
    • Symantec Endpoint Protection 12.1.1101.401 x64 portuguese
    • Symantec Endpoint Protection 12.1.1101.401 x64 chinese traditional
    • Symantec Endpoint Protection 12.1.1101.401 x64 chinese simplified
    • Symantec Endpoint Protection 12.1.1101.401 x64
    • Symantec Endpoint Protection 12.1.1101.401 x64 Eng
    • Symantec Endpoint Protection 12.1.1101.401 x64 french
    • Symantec Endpoint Protection 12.1.1101.401 x64 italian
    • Symantec Endpoint Protection 12.1.1101.401 x64 Rus
    • Symantec Endpoint Protection 12.1.1101.401 x86 portuguese
    • Symantec Endpoint Protection 12.1.1101.401 x86 chinese traditional
    • Symantec Endpoint Protection 12.1.1101.401 x86 chinese simplified
    • Symantec Endpoint Protection 12.1.1101.401 x86
    • Symantec Endpoint Protection 12.1.1101.401 x86 french
    • Symantec Endpoint Protection 12.1.1101.401 x86 italian
    • Symantec Endpoint Protection 12.1.2015.2015 x64 german
    • Symantec Endpoint Protection 12.1.2015.2015 x64
    • Symantec Endpoint Protection 12.1.2015.2015 x64 IT
    • Symantec Endpoint Protection 12.1.2015.2015 x64 russian
    • Symantec Endpoint Protection 12.1.2015.2015 x86 german
    • Symantec Endpoint Protection 12.1.2015.2015 x86
    • Symantec Endpoint Protection 12.1.2015.2015 x86 IT
    • Symantec Endpoint Protection 12.1.2015.2015 x86 russian
    • Symantec Endpoint Protection 12.1.601.4699 x64
    • Symantec Endpoint Protection 12.1.671.4971.105
    • Symantec Endpoint Protection 12.1.671.4971 x64 chinese
    • Symantec Endpoint Protection 12.1.671.4971 (x64) DE
    • Symantec Endpoint Protection 12.1.671.4971.105 x64
    • Symantec Endpoint Protection 12.1.671.4971 x86 chinese
    • Symantec Endpoint Protection 12.1.671.4971 (x86) DE
    • Symantec Endpoint Protection 12.1.671.4971 (x86) IT
    • Symantec Endpoint Protection 12.1.671.4971 FR
    • Symantec Endpoint Protection 12.1.671.4971
    • Symantec Endpoint Protection 12.1.671.4971 Spanish
    • Symantec Endpoint Protection 12.1.671.4971 Spanish x64
    • Symantec Endpoint Protection 12.1.671.4971 x64 FR
    • Symantec Endpoint Protection 12.1.671.4971 x64
    • Symantec Endpoint Protection x64 11.0.1000.1375
    • Symantec Endpoint Protection 11.0.2010.25
    • Symantec Endpoint Protection 11.0.20 x64
    • Symantec Endpoint Protection 11.0.780.1008 and 11.0.1000.1375
    • Symantec Endpoint Protection 11.0.901.2006
    • Symantec Endpoint Protection 11.0.2020.56
    • Symantec LiveUpdate
    • Symantec Network Access Control v11.0.6100.645
    • Symantec Network Access Control v11.0.7200.1147
    • Symantec Network Access Control v12.1.1101.401 x64
    • Symantec Network Access Control v12.1.1101.401 x86
    • Symantec Protection Agent 5.1
    • Tiny Firewall Pro 6.0
    • Tiny Personal Firewall 6.5.92
    • Trend Micro Client/Server Security Agent 3.7.1055
    • Trend Micro OfficeScan Client 8 / 10
    • Client Trend SBSA 3.0 SP1
    • Trend Micro Anti-Spyware 3.0/3.5
    • Trend Micro PC-cillin Internet Security 2006 (14)
    • Trend Micro OfficeScan Client 5.0 - 10.0
    • Trend Micro OfficeScan Server 10.5.1083
    • Trend Micro ServerProtect 5.80
    • Trend Micro ServerProtect 5.80 x64
    • Trend Micro ServerProtect 5.58
    • Trend Micro Worry-Free Business Security Agent 7.0 x64
    • Trend Micro Worry-Free Business Security Agent 7.0 x86
    • Trend Micro PC-cillin AntiSpam Pilot
    • Trend Micro PC-cillin Internet Security 2008
    • Trend Micro PC-cillin Internet Security 2005
    • Trend Micro PC-cillin Internet Security 2007
    • Trustport Antivirus 2013/Internet Security 2013/Total Protection 13.0.6.5088
    • Installer for User Profile Hive Cleanup Service 1.6.36
    • V3 Lite
    • VirusBlokAda AntiVirus 3.11
    • Virus Block ADA 32 3.12.10.1
    • Vexira/VirusBuster Antivirus Professional 6.2
    • Vexira Antivirus Professional 7.3
    • Vexira Antivirus Professional 7.3 x64
    • Vexira Antivirus CMS 7
    • Vexira Antivirus Professional 5.3
    • Vexira Antivirus for Windows Servers 7
    • Vexira Antivirus for Windows Servers 7 x64
    • Vexira Antivirus for Windows Servers 5.3
    • TEGAM International ViGUARD
    • ViRobot Desktop 5.5 ISMS
    • ViRobot Desktop 5.0
    • ViRobot ISMS Client 3.5
    • ViRobot Windows Server 3.5
    • Virus Buster Internet Security 6.0
    • Virus Chaser 5.0a
    • Webroot AntiSpyware Client 3.5.1.5088
    • Webroot AntiSpyware Client 3.5.1.5118
    • Webroot AntiSpyware Client 3.5
    • Webroot Internet Security Essentials 6.0 / Webroot AntiVirus and AntiSpyware
    • Windows Live OneCare 2.0.2500.14
    • Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712)
    • Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712) (Silent uninstall)
    • Zillya! Antivirus 1.1.2343.0

    LANDESK Antivirus and Windows 10 Support


    At this time LANDESK Antivirus is not supported on Windows 10; however, LANDESK will provide Windows 10 antivirus support in the future.


    Because LANDESK Antivirus uses the Kaspersky Endpoint Security product engine, a supported antivirus product is pending an upcoming release from Kaspersky.


    Kaspersky has released a beta version of code and our developers are actively working to integrate it into our LANDESK Antivirus product.


    A release at that time will be offered for the next major version of LANDESK Management Suite and for prior LDMS versions that are still supported.


    A precise release date is not yet available; however, the LANDESK Community will be updated with details as further testing and development continues.



     


    LANDESK Antivirus Client UI shows "Vulnerability Scan" as disabled


    Issue

     

    After installing LANDESK Antivirus, the client UI shows "Protection partially enabled" (components running: 3 out of 6) and under Tasks it shows "Vulnerability Scan" as disabled.

     

    avulnerabilityscan.jpg

     

    Cause


    LANDESK Antivirus is based on Kaspersky Endpoint Security.  The license provided as part of LANDESK Antivirus does not install all components normally found in Kaspersky Endpoint Security.

     

    The following Kaspersky protection components are not part of the LANDESK Antivirus license and are therefore not installed.

     

    • Application Control
    • Device Control
    • Web Control

     

    These are not a part of the LANDESK license because other LANDESK Management Suite components already offer these features.

     

    Vulnerability Scan is a part of the "Vulnerability Monitor" sub-component of the "Application Control" component.  During installation a registry setting is applied to hide the Vulnerability Scan task from the UI; however, this setting will not take effect until after the client is rebooted.

     

    Resolution

     

    Reboot the client system.  If this still does not resolve the issue, run LDAV /REBRAND from the Program Files (x86)\LDCLIENT\Antivirus folder on the client system and then reboot.

     

    Note: A similar issue is "KSN Reputation" service showing at the top of the LANDESK Antivirus client window.   In this case, selecting the LANDESK Antivirus window and pressing Shift-F5 will refresh the window and remove this.  If this still does not work, run the LDAV /REBRAND command.

    LANDESK Antivirus: Database Tables, Inventory Information, and Security Activity


     

    This document lists the tables in the LANDESK Database that are related to the LANDESK Antivirus product:

     



    The following are the tables used for LANDESK Antivirus:


     

    Antivirus table

     

    The information from this table shows up in the Antivirus Licensing information in the LANDESK Antivirus Action Center, in the Inventory of each client, and in the Antivirus License section of the Security activity tool.  This table records the inventory information not only for the LANDESK Antivirus product, but also for other 3rd party Antivirus products.  This table is updated by an Inventory Scan, or the information is sent directly to the Core Server through the WSVulnerabilityCore web service by the LANDESK Antivirus Service.  This information is sent under the following conditions:


    • After AV installation
    • After activating with a new license
    • After a scanning task is done
    • After pattern files are updated

     

    In addition you can run "LDAV.EXE /submitallavdata" to send this information manually.

     

    When this information is sent to the core, it is logged in LDAV.LOG as "Submitting all Antivirus table information..."


    For an Inventory Scan this information is gathered through LDAVHLPR.DLL.  Periodic updates of this .DLL are provided within LANDESK Patch Content to support gathering information on newer versions of Antivirus Software.  The information that can be gathered from each 3rd party vendor can vary.  Some information may not be applicable or available to gather through the LANDESK Inventory or Security and Compliance scan processes.

     

    AntivirusTableLeft.jpg

                        AntivirusTableRight.jpg

    This information shows up in the Inventory of a client in this manner:

     

    Inventory-Info.jpg

     

     

    This table consists of the following columns:

    Column Name | Description
    --- | ---
    Computer_IDN | Unique database identifier for the computer associated to the Antivirus information in the next columns
    Antivirus_IDN | Unique database identifier for the Antivirus entry
    ProductName | Name of the Antivirus product
    AutoProtect | Whether the realtime scanner (AutoProtect) is enabled or not
    ProductVersion | Version of the Antivirus product
    EngineVersion | Version of the Antivirus engine
    DefVersion | Version of the currently active definitions at the time of the last Inventory Scan or Security and Compliance Scan
    PubDate | Publication date of the antivirus definitions (pattern files) on the client
    DefInstallDate | Time and date that the current definition files (pattern files) were updated on the client
    LastVirusScan | Last time and date a regular virus scan was executed on the client
    LastFullVirusScan | Last time and date a full virus scan was executed on the client
    LastQuickVirusScan | Last time and date a quick virus scan was executed on the client
    AgentRunning | Source of the server for the Pattern Files.  Typically this will only apply to LANDESK Antivirus
    PatternServer | Source of the server for the Pattern Files.  Typically this will only apply to LANDESK Antivirus
    LicenseExpirationDate | Date and time that the current antivirus product license expires
    LicensePeriod | Length of time in days remaining
    License Number | Product license number that the client is currently using
    LicenseProductName | Name of the licensed product
    LicenseMaxCount | Total number of nodes that the license reported by the client is good for
    StartFullVirusScan | Time and date that the last full virus scan was started
    StartQuickVirusScan | Time and date that the last quick virus scan was started
    FullVirusScanCancelled | Time and date the last full virus scan was cancelled
    QuickVirusScanCancelled | Time and date the last quick virus scan was cancelled

     

    AntivirusPatches table

     

    This table lists the patches to the Antivirus product that are installed on the client.

     

    This information is sent to the Core when an Inventory Scan runs.

     

    AntiVirusPatches.jpg

     

    Column Name | Description
    --- | ---
    Computer_Idn | Unique database identifier for the computer associated to the Antivirus information in the next columns
    AntivirusPatches_Idn | Unique database identifier for the AntivirusPatches entry
    DisplayName | How the patch appears in the client interface (under the support link at the bottom of the LDAV UI)
    InstalledDate | Date and time that the patch was installed
    MoreInfoURL | If applicable, the link to go to for more information about the patch
    PatchName | Name of the patch

     

    This shows up in the Client Inventory in this location:

     

    LANDESKPatchesClient.jpg

    The LANDESK Antivirus service logs patch information every time it starts during the initialize period to HKEY_CLASSES_ROOT\Installer\Products\<product guid>\patches and it is then stored in HKLM\Software\LANDESK\ManagementSuite\WinClient\Antivirus\Patches

     

     

    InfectedFiles table

     

    This information shows up in the Security Activity tool under LANDESK Antivirus - Infections by Computer, and LANDESK Antivirus - Infections by Virus

     

    InfectedFiles.jpg


    This table consists of the following columns:

    Column Name | Description
    --- | ---
    Computer_Idn | Unique database identifier for the computer that was infected
    InfectedFiles_Idn | Unique database identifier for the file that was found that contained a virus
    Path | Path on the client computer where the infected file was found
    Virus | Particular virus found within the infected file
    Failure | Description of the failure

     

     

    QuarantinedFiles table

     

    This information shows up in the Security Activity tool under LANDESK Antivirus - Quarantined Infections by computer and LANDESK Antivirus - Infections by virus

     

    This table stores information about both files that have been Quarantined and files that have been moved into the Backup folder.

     

    QuarantinedFiles.jpg


    This table consists of the following columns:

     

    Column Name | Description
    --- | ---
    Computer_Idn | Unique database identifier for the computer associated to the Antivirus information in the next columns
    QuarantinedFiles_Idn | Unique database identifier for the file that was quarantined
    Filename | Name of the quarantined file
    Status | 0 = Riskware, 1 = Infected, 2 = Suspicious, 3 = Clean, 4 = User Added, 5 = Unknown, 6 = Cured
    Virus | Virus that was found in the quarantined file
    OriginalLocation | Path where the file was found on the client computer
    GUIDFilename | GUID assigned to the filename
    QuarantineDate | Date and time that the file was quarantined

     

    This information shows up in the Inventory of the client under Security - Quarantined Files.  Each file is listed as a separate entry under Quarantined Files and shows the values for Date Quarantined, Filename, GUID Filename, Original Location, Status, and Virus


    SecurityAction table

    This information shows up in the Security Activity Tool under LANDESK Antivirus - Activity, Activity by computer, and activity by virus.  In addition, LANDESK Endpoint Security activity information is stored in the SecurityAction table.

    SecurityActionLeft.jpg

                    SecurityActionRight.jpg

    Column Name | Description
    --- | ---
    SecurityAction_Idn | Unique Database Identifier for this particular instance of a Security Action
    Computer_Idn | Unique Database Identifier for the computer that this Security Action relates to
    ActionTaken | Action that was taken
    ActionCode | Code type of the action that was taken
    ActionDate | Date and time that the action occurred
    Application | Application Name
    MD5Hash | MD5 Hash of the file if a file was involved
    SHA1Hash | SHA1 Hash of the file if a file was involved
    SHA256Hash | SHA256 Hash of the file if a file was involved
    Type | Type code for the action that occurred
    Filesize | Size in kilobytes of the file if a file was involved
    FileDate | File Creation Date of the file if a file was involved
    FileVersion | File Version of the file from within the file properties of a file if a file was involved
    CompanyName | Company Name from within the file properties of the file if a file was involved
    ProductName | Product Name from within the file properties of the file if a file was involved
    ProductVersion | Product Version from within the file properties of the file if a file was involved
    UserName | User Logged in when the action occurred
    ConfigGUID | Unique GUID of the Setting that was in use when the action occurred
    LocationID | Information being gathered on values

     

    The information in this table makes up most of the LANDESK Antivirus information shown in the Security Activity tool.  This information is stored in ActionHistory.XML files on the client and sent to the core server every 2 minutes by Softmon, or when a Security and Compliance scan runs.

     

    The exception is the licensing information, which is stored in the Antivirus table and is sent by the LANDESK Antivirus Service on the client to the WSVulnerability web service on the core server.

    TrustedItem table

     

    Trusted items are a list of objects that LANDESK Antivirus does not monitor or control.  This list is populated with a list of LANDESK client files at the time of LANDESK Antivirus install, and can be added to by a settings update, or by a user on the client computer if that permission is given.

    Adding a trusted item blocks LANDESK Antivirus access to that item, so you must be very sure that it does not represent any threat.

    TrustedItem.jpg

     

    Column Name | Description
    --- | ---
    Computer_Idn | Unique database identifier of the computer that has this object in its trusted applications list
    TrustedItem_Idn | Unique database identifier of the trusted object
    Item | Item full path and name
    Status | User Added = 4, Admin Added = 6  (Admin added is either as part of installation or a settings update).
    ObjectType | File = 0, Folder = 1, Extension = 2
    AddedDate | Date that the object was added
    Folder | Folder where the trusted item is

     

    On the client side these are the entries from the Exclusion Rules or Trusted Applications

    TrustedApplications.jpg

    This information shows up in the Inventory of the client under Security - Trusted Items.  Each file is listed as a separate entry under Trusted Items and shows the values for Folder, Item, Object Type and Status
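
Because trusted items are not monitored, user-added entries are worth reviewing regularly. The following is an added example, not part of the original article or of LANDESK's own tooling: it queries the TrustedItem columns documented above for user-added exclusions and lists the widest scopes first. It runs against an in-memory SQLite stand-in; the column types, sample rows and paths are constructed assumptions, and the same SELECT statements would need to be run through the core database's own client.

```python
import sqlite3

# Code values as documented in the TrustedItem column table.
STATUS = {4: "User Added", 6: "Admin Added"}
OBJECT_TYPE = {0: "File", 1: "Folder", 2: "Extension"}

# Widest scope first: Extension (2), then Folder (1), then File (0).
AUDIT_SQL = """
SELECT Computer_Idn, Item, Status, ObjectType, AddedDate
FROM TrustedItem
WHERE Status = 4            -- User Added
ORDER BY ObjectType DESC, AddedDate DESC
"""

# Which computers carry the most user-added exclusions.
COUNT_SQL = """
SELECT Computer_Idn, COUNT(*) AS UserAdded
FROM TrustedItem
WHERE Status = 4
GROUP BY Computer_Idn
ORDER BY UserAdded DESC, Computer_Idn
"""

def build_sample_db():
    """In-memory stand-in for TrustedItem; column types are assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE TrustedItem (
        Computer_Idn INTEGER, TrustedItem_Idn INTEGER PRIMARY KEY,
        Item TEXT, Status INTEGER, ObjectType INTEGER,
        AddedDate TEXT, Folder TEXT)""")
    rows = [  # constructed sample rows, not real inventory data
        (101, 1, r"C:\Program Files (x86)\LDCLIENT\Antivirus\LDAV.EXE", 6, 0,
         "2015-03-01", r"C:\Program Files (x86)\LDCLIENT\Antivirus"),
        (101, 2, r"C:\Users\Public\Downloads", 4, 1, "2015-06-10",
         r"C:\Users\Public\Downloads"),
        (102, 3, ".tmp", 4, 2, "2015-06-12", ""),
        (102, 4, r"C:\Tools\report.exe", 4, 0, "2015-05-02", r"C:\Tools"),
        (103, 5, r"C:\Temp", 6, 1, "2015-04-01", r"C:\Temp"),
    ]
    db.executemany("INSERT INTO TrustedItem VALUES (?,?,?,?,?,?,?)", rows)
    return db

def user_added_exclusions(db):
    """Return user-added trusted items, flagging folder and extension scopes."""
    return [{
        "computer_idn": comp,
        "item": item,
        "added_by": STATUS.get(status, f"Unknown({status})"),
        "scope": OBJECT_TYPE.get(otype, f"Unknown({otype})"),
        "added": added,
        "broad": otype in (1, 2),   # covers more than a single file
    } for comp, item, status, otype, added in db.execute(AUDIT_SQL)]

def user_added_counts(db):
    """Return (Computer_Idn, count) pairs, highest count first."""
    return [tuple(row) for row in db.execute(COUNT_SQL)]

if __name__ == "__main__":
    conn = build_sample_db()
    for finding in user_added_exclusions(conn):
        print(finding)
    print(user_added_counts(conn))
```
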
