Channel: Ivanti User Community : Document List - Antivirus and Antispyware

How to configure a Preferred Server for Ivanti Antivirus Pattern File Content


Setting up a preferred server for replicating Ivanti Antivirus pattern file content

 

Ivanti Antivirus takes advantage of all of the software distribution technologies built in to Ivanti Endpoint Manager, including Preferred Package Servers.

This article discusses how to configure preferred package servers to host the Ivanti Antivirus pattern file content.

 

Create Web Share for Preferred Package Server

Note: This must be done on a server running web sharing services (such as IIS)

 

  1. Create a folder on the target preferred server that mimics the pattern file content directory on the core server:

    For our example we will create the following directory structure:

    Program Files (x86)\LANDESK\ManagementSuite\LDLogon\Antivirus8\win\BasesEP10
  2. Open IIS Manager, expand the navigation tree, right-click on Default Web Site and select “Add virtual directory”
  3. Enter “LDLOGON” for the share alias, and navigate to the Program Files (x86)\LANDESK\ManagementSuite\LDLogon directory created in Step 1.
  4. After creating the directory, right-click LDLogon in the navigation tree and select “Edit Permissions”

    Permissions should be configured as follows:

    Everyone: Read & Execute, List Folder Contents, Read
    IUSR: Read & Execute, List Folder Contents, Read
    NETWORK SERVICE: Full Control
    Administrators: Full Control

  5. Enable directory browsing by selecting the LDLogon folder in the navigation frame and then clicking the “Directory Browsing” icon and clicking “Enable” in the right-hand pane.

 

Create UNC share for LDLOGON directory

 

  1. Navigate to the \Program Files (x86)\LANDESK\ManagementSuite directory and right-click on the LDLogon share.
  2. Right-click and go to “Advanced Sharing”
  3. Click “Share this folder”.
  4. Click “Permissions” and give an account Full Control access to the share.   This will be necessary for the Ivanti EPM Content replication tool to have rights to copy Antivirus pattern file content to the share.
  5. Ensure that the same account is also given Full Control on the Security tab.

 

Configure the Preferred Server in Ivanti Endpoint Manager

 

  1. Within the Ivanti Endpoint Manager console click Configure and then Preferred Servers
  2. Right-click “Preferred Servers” and select “New Preferred Server”
  3. Enter Server Name and Credentials to the newly created LDLOGON share on the Preferred Server
  4. Enter the IP address ranges for the client's subnet(s) that this preferred server will serve.


To replicate Antivirus content from the Core to the Preferred Server using Ivanti EPM Content Replication

 

  1. Under “Selected Replicator” in the Preferred Server Properties select a Windows-based managed node from the list of computers. For more information about configuring a replicator, please see: Ivanti EPM Content Replication - Replicator Configuration
  2. Accept the default Run options unless there is something in particular you want to change.
  3. Set up a schedule for the replicator to run.   For the client to utilize the Preferred Server for Antivirus pattern files properly, replication should occur shortly after the core server updates antivirus pattern files.   Therefore, a schedule should be set up for the core server to download pattern files on a regular basis, and a replication task should be set to closely follow the completion of that.
  4. Under “Sources” click “New” to create a new content replication source.
  5. Name the source “Antivirus Pattern File Content”.
  6. For the UNC or HTTP Path enter http://coreservername/ldlogon/antivirus8/win/bases8
  7. Enter credentials with read access to the share.
  8. Move to the “Preferred Servers (Targets)” tab and select the desired preferred server from the list.
  9. Select “Mirroring” in the left-hand pane and check the box next to “Enable Mirroring”.
  10. Click “Save”.

 

Note: LDLOGON/Antivirus8/Win/BasesEP10 is the only directory that needs to be replicated.   LDLOGON/Antivirus8/Win also contains other folders: backups, backupsEP10, dskm, bases8, basesEP10, loadbalancingEP10, and temp_bases8.   The backups directory is used to back up the bases8 folder.  dskm, loadbalancing and temp_bases8 are used to download the files in bases8.


How to use Patch and Compliance Manager to Manage Ivanti Antivirus and Other Antivirus Vendor Software


Description

 

Using Ivanti Security Suite, you have the ability to manage Antivirus software from various vendors.    This includes ensuring the following:

 

  • Ensure virus scanner is installed
  • Ensure real-time scanning engine is enabled
  • Ensure antivirus pattern files are up to date.

 

The following Antivirus software is fully supported, including pattern file updates (business versions only):

 

Ivanti Security Suite can also ensure that a virus scanner is installed and that a real-time scanning engine is enabled for the following products, but cannot provide pattern files:

 

When downloading 3rd-party (Non-Ivanti) Antivirus updates within Patch Manager, you must first accept an agreement that you own and are adequately licensed for the software you are downloading updates for.

 

There are various Antivirus definitions within Patch Content that can be used to help manage the Antivirus programs in your environment.  These definitions serve various purposes.

 

[Figure: AV-1XX definitions, shown sorted by ID and sorted by Title]

 

As of this writing, Ivanti Patch and Compliance Manager can manage:

 

  • Avast
  • AVG
  • Avira
  • Bitdefender
  • Bullguard
  • eScan
  • Eset
  • Gdata
  • Kaspersky
  • McAfee
  • Microsoft Forefront
  • Microsoft Windows Defender
  • Panda
  • Shavlik
  • Sophos
  • Symantec
  • Trend Micro
  • VIPRE

 

AV-100 will check to see if there is a virus scanner installed.  (All supported Antivirus vendors).

AV-101 will check to see if the real-time scanning engine is enabled.  (All supported Antivirus vendors).

 

The following "DATEDIFF" definitions check to see if the vendor's pattern files are up to date within the last N days (As can be specified in the Custom Variables tab within the definition properties).

AVDateDiff.png

Note: additional supported Antivirus software may be added prior to this document being updated.   Always view your list to see if there is anything new, or contact LANDESK Support.

 

If the pattern files are out of date, they can be downloaded and applied using Ivanti Endpoint Manager.  These can be set to autofix to ensure that Patch and Compliance Manager checks and downloads updated pattern files as soon as they fall out of date.

 

 

The vulnerability scan category "Antivirus Updates" must be enabled in the Scan Options tab of the Distribution and Patch settings for these definitions to be operational.

 

Note: LDAVHLPR.DLL is used as an add-on to the Vulnerability Scanner and Inventory scanner to gather Antivirus information from end clients.  It is possible when vendors update their product that LDAVHLPR.DLL will need to be updated to accurately gather information.  This updated LDAVHLPR.DLL is typically made available in the Ivanti Updates category within Patch and Compliance Manager.  If the information is not gathered correctly, contact Ivanti support.

About Ivanti Antivirus Alerts


Ivanti Antivirus Alerts

 

Ivanti Antivirus Alerts must be configured within the Alerting tool in the Management Suite Console.

 

By default the following alerts are configured:

VirusAlerts.jpg

LDMS Default Ruleset

 

The LDMS Default ruleset is the Alerting ruleset used by a client unless another ruleset is explicitly specified in the Agent Configuration.

 

The default actions can be modified for the rulesets.

 

For a complete overview of how to configure Ivanti Alerts, see this article.

 

Ivanti Antivirus integrates with the Ivanti Alert Handlers.   If one of the alerting events takes place, it is handed off to the Ivanti Alerting handler and the action is logged in the ALERT.LOG located in Program Files\Shared Files on the client computer.   This alert is also logged in the AVService.log file.  Depending on the action defined in the Alert Ruleset, it may then Log an event in the Alert Log on the core, run a program on the Core, run a program on the Client, send an e-mail (through a mail server as configured in the alert), or send an SNMP trap.

 

If the action is set to "Log handler configuration", this activity can be seen in the "Logs" tool in the EPM console.

 

Note: If installing Ivanti Antivirus to a Server, the Default Server Ruleset does not contain Ivanti Antivirus alerts.   These should be added to the Default Server Ruleset if desired.

 

Core Alert Ruleset

 

The "Ivanti Antivirus - virus outbreak detected" alert is used in conjunction with the Alert Settings as configured in Security and Patch Manager.

 

To configure this alert:

 

  1. Open the Security and Compliance tool on the core server.
  2. Select the third icon drop-down and then select "Alert Settings"
    AlertSettings.jpg
  3. Select the "Antivirus" tab.

OutbreakAlert.png

This panel sets the threshold at which a virus outbreak triggers an alert.  The threshold is calculated from the Antivirus Activity.  With the default settings, if there are 50 Antivirus events within 10 hours, the "Virus Outbreak Alert" is triggered.  The Core Server is the computer that processes this alert action.  The Antivirus activity is sent through a mechanism separate from the Ivanti Alerts: it is gathered regularly in ActionHistory.XML and sent to the core server every few minutes.  It is also sent every time the Vulnerability Scanner runs.
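A sketch of the outbreak threshold rule described above, as an added example (not Ivanti code). It treats the rule as a trailing window over event timestamps, which is an assumption because the article does not say how the core server buckets events; the function names and sample timestamps are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Defaults quoted in the article: 50 antivirus events within 10 hours.
DEFAULT_EVENT_COUNT = 50
DEFAULT_WINDOW = timedelta(hours=10)


def find_outbreak(event_times, threshold=DEFAULT_EVENT_COUNT,
                  window=DEFAULT_WINDOW):
    """Return the timestamp of the event that first brings the number of
    events inside a trailing `window` up to `threshold`, or None.

    Assumption: a trailing (sliding) window. An event exactly `window`
    old still counts as inside the window.
    """
    recent = deque()
    for ts in sorted(event_times):
        recent.append(ts)
        # Drop events that have aged out of the window relative to `ts`.
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            return ts
    return None


def constructed_events():
    """Constructed sample data: steady background noise plus a short burst."""
    start = datetime(2017, 11, 7, 8, 0)
    # One detection every 15 minutes for 24 hours (97 events). Any 10-hour
    # window holds at most 41 of these, so the noise alone never alerts.
    trickle = [start + timedelta(minutes=15 * i) for i in range(97)]
    # 30 detections, one per minute, beginning 12 hours in (20:00).
    burst_start = start + timedelta(hours=12)
    burst = [burst_start + timedelta(minutes=i) for i in range(30)]
    return trickle, burst


if __name__ == "__main__":
    trickle, burst = constructed_events()
    print("noise only     :", find_outbreak(trickle))
    print("noise and burst:", find_outbreak(trickle + burst))
```

The second case shows why the window length matters when tuning the threshold: the burst alone is only 30 events, but it crosses the default threshold because the background detections from the preceding 10 hours are counted with it.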

 

Antivirus Activity can be viewed within the Security Activity tool.

 

AVActivityjpg.jpg

 

 

Within the Security Activity window, the section "Computers not recently reporting Antivirus Configuration and Status" is populated by data gathered during a Vulnerability scan, but only if the "Antivirus Updates" category is being scanned for.   For more regarding this, see this article.

How To: Limit the End User Ability to Modify Ivanti Antivirus Settings


As Ivanti Antivirus is based on Kaspersky Endpoint Security 10, for training on the settings and configuration it is recommended to visit the Kaspersky training course located here: Basics of Kaspersky Endpoint Security 10




Question

 

How do I limit the end-user ability to modify Ivanti Antivirus Settings, shut down the services, etc?

 

Answer

 

There are various places to limit the user ability to modify Ivanti Antivirus Settings.


Ivanti Antivirus Settings

 

There are various locations within the Ivanti Antivirus Settings where User Control can be modified.

 

To modify the Ivanti Antivirus settings:

 

1. Open the Agent Settings tool in the Ivanti Endpoint Manager Console.

2. In the Security group on the left select "Ivanti Antivirus Settings"

3. Select the Antivirus Setting you wish to edit and click "Edit"

 

Note, the following screens will point out the different areas that can affect user feedback and/or interaction.

Antivirus Settings - General Tab

AVGeneral.jpg

 

  • Show Ivanti Antivirus in system tray - Enables or Disables the yellow Antivirus shield icon from showing in the system tray
  • Enable right-click scanning - Adds or removes the option "Scan for viruses" when right-clicking a Drive, Directory, Folder, or File.
  • Allow user to add files and folders to Trusted Items List - Allows users to add files to a trusted list.  This means Ivanti Antivirus will trust those files and will not scan them.  (Security Risk)

 

Antivirus Settings - Permissions Tab

AVPermissions.jpg

  • Allow user to disable protection components for up to [ x ] minutes - (Security Risk)

      (This option should only be enabled for IT personnel or similar responsible users that routinely work with files that could be considered a security risk)

  • Allow user to update definitions - Regular pattern file updates should be enforced on a schedule set by the Administrator within the Antivirus settings on the core.  However, in some instances, it may be necessary to allow the user to Schedule virus definition updates on their own schedule.
  • Allow user to restore objects - (Security Risk)
  • Allow user to change settings - This parent setting controls the 4 settings below if unchecked.  If checked they can be selected individually.
  • Allow user to schedule scans - Regularly scheduled scans should be enforced on a schedule set by the Administrator within the Antivirus settings on the core.  However, in some instances, it may be necessary to allow the user to Schedule the scans to their own desired schedule.
  • Allow user to exclude objects from scanning - (Security Risk)
  • Allow user to add Web URL's - (Security Risk)
  • Allow user to configure exclusions in Network Attack Blocker - (Security Risk)

Using Agent Watcher to monitor Ivanti Antivirus Services

 

Agent Watcher is a configurable component of the Agent Configuration that enables monitoring, enforcement and reporting on critical Ivanti Endpoint Manager files and services.  For further general information about Agent Watcher, please refer to the Ivanti EPM Help File: Enable and configure Agent Watcher

Use Security and Patch Definitions to ensure Antivirus is up to date and running

 

See How to use Security and Compliance Manager to Manage Ivanti Antivirus and Other Antivirus Vendor Software

 

Use Windows User Rights to limit user interaction

 

Windows User rights and Group Policy settings can be used to limit the user ability to stop services, etc.

 

Install Ivanti Application Control as part of Ivanti Endpoint Security to protect critical Ivanti Files

 

Ivanti Endpoint Security adds layers of added security to thwart malicious attacks and rootkits using application control that prevents applications from executing in malicious ways right on your individual host systems. Use it to extend the power of Ivanti Endpoint Manager to protect your system files, critical registry keys and also the Ivanti Client files.

 

How to configure LANDESK Endpoint Security to provide Ivanti Agent protection

How to configure Ivanti Antivirus Exclusions on various Microsoft Server Types

Issue: Ivanti Antivirus tool and/or content not appearing in Management Console


Issue

 

If the Ivanti Antivirus Tool or Content does not appear in the Management Suite Console, this typically is due to a licensing issue.

 

Another symptom is that Antivirus Content downloads will run, but will appear to do nothing.

 

Cause

 

If the Ivanti Antivirus Tool or Content does not appear in the Management Suite Console, this typically is due to a licensing issue.

 

This can be caused by an expired license, incorrect licensing information, or a technical issue with the licensing component of the core server.

 

Resolution

 

Verify the license information that you have within the Core Server Activation tool on the Core Server.

 

1. From the Start Menu on the Core Server, select the Ivanti Program group and run "Core Server Activation"

2. Click the "Licenses" button in the lower left corner.

 

Two licenses exist.   One for the Antivirus Tool, and one for the pattern file content.

AVLicensing.png

You should have at least one entry for "License" and one entry for "Subscription" for the version of Management Suite the Core Server is currently running.   If either is missing, you should reactivate your core server.   From within the Core Server Activation Tool, make sure the Contact Name and Password are correct and click "Activate".

 

If you have reactivated and the information still does not appear correct, contact Ivanti Support to investigate further.   If either is expired, contact your Sales Representative or the Licensing Queue at Ivanti Support for further assistance.

 

If the licensing information appears correct, please reactivate the Core Server.

 

For general Antivirus license troubleshooting steps see How to troubleshoot Ivanti Antivirus license issues

 

Note: For Antivirus client license issues such as "The Antivirus key is missing or expired" messages, see this article: http://community.landesk.com/support/docs/DOC-6508

How to set up a Pilot Group for Ivanti Antivirus Definitions


Description

 

This is a step by step guide that will create a group of computers that get the most up-to-date antivirus definitions. The other computers in your environment will receive the updates either upon your approval or after a period of time you specify.

 

Instructions

 

Set up Antivirus Definitions to Download to a Pilot Group

 

    1. Go to Tools | Security and Compliance
    2. Click the "Download Updates" button (First single icon without text on the left)
    3. Un-check everything under Definition types then put a check in the box labeled "Ivanti Antivirus Updates"
    4. Click the "Ivanti Antivirus" tab
    5. Select "Restrict them to a pilot"
    6. Click "Schedule Update" and setup a schedule for antivirus to update
      Note: If you have a previously scheduled task to download Antivirus definitions, please be sure to delete it.

Create an Antivirus Agent Behavior for the Pilot Group Configuration

    1. Open the Agent Settings Tool
    2. Expand the Security sub-group and select "Ivanti Antivirus"
    3. Copy an existing setting or create a new AV setting and name it something that denotes the AV Pilot Definitions Group
    4. Click on the "Update" sub-section under "Scheduled Tasks"
    5. Put a check in the box labeled "Download 'pilot' version of virus definition files"
    6. Click OK

 

Deliver the New Antivirus Agent Behavior Through a Task

 

    1. In the Agent Settings tool select the Calendar icon and select "Change Settings" from the drop-down
    2. Name the task something like "Pilot Group AV Behavior"
    3. Click the words "Keep agent's current settings" by "Ivanti Antivirus Settings"
    4. Select the new AV Agent Behavior
    5. Click Save
      Note: This creates a scheduled task that will apply the new AV Agent Behavior setting to any agents that you want to use in your pilot test groups.
    6. Drag computers into the scheduled task
    7. Right-click the task and click "Start Now"

About Antivirus exclusions (exceptions) for the Ivanti EPM Core Server


This article discusses Antivirus exclusions (also known as exceptions) that are recommended for the Ivanti EPM Core Server.

 

When installing Antivirus on the Ivanti EPM Core server, it is recommended to set the Real-time Protection File Types to Scan option to "Scan infectable files only".  This is set within the Ivanti Antivirus settings on the "Real-time Protection" tab.

 

For general information about Antivirus Exclusions, see this article.

 

For specific information on configuring Antivirus Exclusions for specific server types (IIS, SQL, Exchange, Etc) see this article.

 

 

Some Antivirus products (Ivanti Antivirus included) have separate exclusions lists for real-time scanning and on-demand scanning.  Most exclusions will apply only to Real-time Scanning, as scanning some directories during computer operation can severely impact performance.

 

Antivirus exclusions need to be set in the "Protection" tab within the Ivanti Antivirus settings.  Within this section, there is a "Real-time" tab and a "Virus Scan" tab.

 

 

Configuring Antivirus exclusions for an Ivanti Core Server

 

 

As most Ivanti Core servers house IIS for the web console, general Antivirus exclusion instructions should be followed that pertain to IIS:

 

Create the following exclusions:

 

    • The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)
      (For XP and Server 2003 use "%systemroot%\IIS Temporary Compressed Files")
    • The  %systemroot%\system32\inetsrv folder
    • Files that have the .log extension

 

If the SQL Database resides on the core server, the following instructions should be followed:

 

http://support.microsoft.com/kb/309422

 

Ivanti specific directories:

 

\Program Files\LANDESK\Managementsuite\brokerreq

\Program Files\LANDESK\Managementsuite\IncomingData

\Program Files\LANDESK\Managementsuite\ldscan

\Program Files\LANDESK\Managementsuite\log

\Program Files\LANDESK\Managementsuite\sdstatus

\Program Files\LANDESK\Managementsuite\xddfiles

\Program Files\LANDESK\Managementsuite\vulscanresults

\Program Files\LANDESK\Managementsuite\ldlogon\agentbehaviors

\Program Files\LANDESK\Managementsuite\ldlogon\vulnerabilitydata

 

Ivanti specific files:

\Program Files\LANDESK\ManagementSuite\LANDESK.ManagementSuite.Licensing.ActivateCore.exe

\Program Files\LANDESK\Managementsuite\ldlogon\ldiscn32.exe

 

General Exclusion information for Microsoft Operating Systems

 

http://support.microsoft.com/kb/822158


How to determine the client Ivanti Antivirus engine version


 

This article describes various methods for determining the Ivanti Antivirus engine version installed on clients

 

Within the Inventory record for a client

 

  1. Right-click a client and select "Inventory".
  2. Drill down in the Inventory tree in the left-hand pane to "Computer"."Security"."AntiVirus Software"."Antivirus"."Engine Version".

 

From the client Antivirus UI:

 

  1. Double-click the Ivanti Antivirus system tray icon.
  2. Click the "Support" link in the bottom left of the client UI.
  3. The following dialog should be displayed:

AVEngine.jpg

 

Add a column to the device view in the Ivanti Endpoint Manager console

 

  1. In the LDMS console go to Tools --> Administration --> Column Set Configuration
  2. Right-click "My Column Sets" and select "New Column Set" or double-click an existing Column Set you wish to edit.
  3. Drill down to "Computer"."Security"."AntiVirus Software"."Antivirus"."Engine Version", highlight it and select "Add to columns".

EngineVersionInventory.png

 

Create a Query that returns the Antivirus version as a column in the results

 

  1. In the LDMS console, either right-click My queries and select "New query" or double-click an existing query to edit it.
  2. Select criteria for the computers that you want to be returned by this query (certain IP address range, a certain location, etc).
  3. In the lower-right corner click "Select columns".
  4. Browse through the tree on the left to "Computer"."Security"."AntiVirus Software"."Antivirus"."Engine Version", highlight it and click ">>" to move it to the column list.
  5. Save query.

How to report and send files being incorrectly detected as a virus by Ivanti Antivirus


 

Description

 

Sometimes new Virus Definitions will detect legitimate files as a virus.  These are called "False Positives".
For further information on how to recover if this false positive is causing issues in your environment, see this article.
In order for the definition to be adjusted, the "False Positive" must be reported and sent to us immediately.

How to report and send files being detected incorrectly as a virus

 

If one or more files are being identified as a False Positive, before submitting the file(s) for analysis make sure that all affected computers are scanning with the latest definition files.
Once all machines have been scanned with the latest definition files then follow the steps outlined below to have the infected files analyzed.

For further information on how to ensure your clients are using the latest Antivirus pattern files, see this article.

 

Restore File for Reporting

 

In order to submit the file for review as a False Positive, the file will need to be restored from Quarantine. The following steps outline how to provide LDAV the necessary permissions to perform this task.

Disable Real-time protection to prevent the file being immediately quarantined again, then restore the file to be submitted.

 

LDMS 9.6/2016

 

  1. Open a Management Suite console

  2. Go to  Tools| Security and Compliance | Agent Settings

  3. Expand Agent Settings | Security | Ivanti Antivirus

  4. Double click on the Antivirus settings the client is using.

  5. Click on Permissions

  6. Check the Allow user to disable Realtime scanning for up to ___ minutes option

  7. Check Allow user to restore objects

  8. Click Save

 

1.png

 

  1. On the client click Start | Run

  2. Type Vulscan /changesettings /showui; this will download the setting changes you made.

  3. Open the Ivanti Antivirus GUI

    • Start | Programs | Ivanti Management | Ivanti Antivirus

             or

    • Click the LDAV Icon in the system tray if enabled
    1. Click Protection | File Anti-Virus | and click Stop

     

    StopProtection.jpg

     

    Note: If prompted with a Warning! window, click Yes

     

    This action will impact your computer's protection. Do you want to continue?

    Application name: Ivanti Antivirus

    Manufacturer: "Kaspersky Lab"

    Action: Settings modification

    warning.png

     

     

    1. With File Anti-Virus disabled, click Quarantine

    Quarantine.jpg

     

    1. Take note of the Folder path, as this is where the file will restore to.

    2. Highlight the file and click Restore

    restore.png

     

    1. Take a screenshot of the false positive detection.  Compile the "infected" file(s) and the screenshot into a password protected .ZIP file, with password 'infected'.  Name the file "FalsePositive(UniqueName).zip".  (Where "UniqueName" is a filename of your choosing).

      *****Be very careful to name the zip file with a prefix of "FalsePositive" otherwise Kaspersky will treat this as a false negative submission and your case will be significantly delayed*****

     

    Note: The file must be password protected with a password of "infected". The compression type must be .ZIP. Other compression types will not be accepted. The file should not be a self-extracting zip file.

     

    Submit the File

    1. Place the file on Ivanti's site: http://avdrop.landesk.com/

    2. Contact Ivanti Support and open a Support Incident and provide the name of the sample file uploaded to the ftp site. (Case sensitive)

    3. Revert the changes made to the agent settings.

    4. Current virus definition release activity can be viewed here: http://www.kaspersky.com/viruswatchlite?

    Note: Once the antivirus pattern files are updated to correct the false positive, the files within quarantine will be restored to their original locations.

     

    Ivanti Support Contact information

    Antivirus clients not updating pattern files from the Internet


    Issue

     

    Clients are set to update the Antivirus pattern files from the internet, however, the updates are failing and updates are not coming from the internet.

     

    Either the updates are failing altogether, or the updates are going to the Core Server instead of the Internet.

    Cause

     

    There can be various reasons this can occur.

     

    Typically it is because the updated Antivirus Behavior has not been correctly applied at the client.

    Resolution

     

    • Verify the settings on the core server match the client Antivirus Behavior currently in use by the client
    • If necessary update the Antivirus Behavior on the client through a change settings task

     

    Further information:

     

    Verify the Ivanti Antivirus Settings on the core server:

     

    1. In the Ivanti Endpoint Manager Console, open the Agent Settings tool under the Configuration tool group and select the correct Antivirus behavior under Security Configurations - Ivanti Antivirus
    2. Select the Antivirus behavior that the affected clients are using and select "Edit".
    3. Go to the Update section of the setting
    4. In the "Download virus definition update from" section verify the settings for the source the clients will download the pattern files from:

    CoreFirst.jpg

     

    Next, compare the settings the client has to the settings the core shows.

     

    This setting is shown in the following log file:

     

    LDAV.log

     

    The text within the log will look something like this:

    Tue, 07 Nov 2017 18:08:01 ---------- Initializing LANDESK Antivirus Service -------------------

    Tue, 07 Nov 2017 18:08:01

    Tue, 07 Nov 2017 18:08:01 Running on workstation, LANDESK system language: ENU

    Tue, 07 Nov 2017 18:08:01 Setting permission on HKLM\Software\LANDesk\ManagementSuite\WinClient\Antivirus...

    Tue, 07 Nov 2017 18:08:01 Setting permission on HKLM\Software\LANDesk\ManagementSuite\WinClient\Antivirus\License...

    Tue, 07 Nov 2017 18:08:01 Setting permission on HKLM\Software\LANDesk\ManagementSuite\WinClient\Antivirus\Patches...

    Tue, 07 Nov 2017 18:08:02 Loading behaviors...

    Tue, 07 Nov 2017 18:08:02 Successfully loaded behaviors

    Tue, 07 Nov 2017 18:08:02 Loading the settings: 2017-3_v528.3

    Tue, 07 Nov 2017 18:08:02 Loading settings for each component

    Tue, 07 Nov 2017 18:08:02 Loading update settings...

    Tue, 07 Nov 2017 18:08:02 pilot: false

    Tue, 07 Nov 2017 18:08:02 Download from core then internet

     

    If this setting does not match the setting within the GUI for the Ivanti Antivirus settings on the core server, a Change Settings task should be scheduled for the client.
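One way to automate the comparison described above, as an added example (not Ivanti code): it reads LDAV.log text, takes the update settings recorded by the most recent service start, and lists differences from what the core shows. The sample is the article's excerpt; the function names are hypothetical, and the expected source string is supplied by the caller because the article shows only the one "Download from core then internet" value.

```python
import re

# Sample: lines from the LDAV.log excerpt quoted in the article.
SAMPLE_LDAV_LOG = """\
Tue, 07 Nov 2017 18:08:01 ---------- Initializing LANDESK Antivirus Service -------------------
Tue, 07 Nov 2017 18:08:01
Tue, 07 Nov 2017 18:08:01 Running on workstation, LANDESK system language: ENU
Tue, 07 Nov 2017 18:08:02 Loading behaviors...
Tue, 07 Nov 2017 18:08:02 Successfully loaded behaviors
Tue, 07 Nov 2017 18:08:02 Loading the settings: 2017-3_v528.3
Tue, 07 Nov 2017 18:08:02 Loading settings for each component
Tue, 07 Nov 2017 18:08:02 Loading update settings...
Tue, 07 Nov 2017 18:08:02 pilot: false
Tue, 07 Nov 2017 18:08:02 Download from core then internet
"""

# "Tue, 07 Nov 2017 18:08:02 <message>"; the message may be empty.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\w{3}, \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2})(?: (?P<msg>.*))?$"
)


def last_update_settings(log_text):
    """Return the update settings recorded by the most recent service start,
    or None if the text contains no service start."""
    session = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or unrecognised line
        msg = (m.group("msg") or "").strip()
        if "Initializing LANDESK Antivirus Service" in msg:
            # A new service start supersedes anything logged earlier.
            session = {"started": m.group("ts"), "settings": None,
                       "pilot": None, "source": None}
        elif session is None:
            continue  # lines that precede the first service start
        elif msg.startswith("Loading the settings:"):
            session["settings"] = msg.split(":", 1)[1].strip()
        elif msg.lower().startswith("pilot:"):
            session["pilot"] = msg.split(":", 1)[1].strip().lower() == "true"
        elif msg.lower().startswith("download from "):
            session["source"] = msg
    return session


def compare_with_core(log_text, expected_source, expected_pilot=False):
    """List differences between what the client loaded and what the core
    shows. An empty list means no Change Settings task is needed."""
    found = last_update_settings(log_text)
    if found is None:
        return ["no service start found in log"]
    problems = []
    if found["source"] is None:
        problems.append("log does not record a download source")
    elif found["source"].lower() != expected_source.lower():
        problems.append(
            f"source: client={found['source']!r} core={expected_source!r}")
    if found["pilot"] is not None and found["pilot"] != expected_pilot:
        problems.append(
            f"pilot: client={found['pilot']} core={expected_pilot}")
    return problems


if __name__ == "__main__":
    print(last_update_settings(SAMPLE_LDAV_LOG))
    print(compare_with_core(SAMPLE_LDAV_LOG, "Download from core then internet"))
```

Only the last service start is used because an older block in the same file can still show the previous behavior after a settings change has been applied.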

     

    How to create a change settings task to change the Antivirus Settings

     

    1. In the Agent Settings tool within the Configuration tool group select the second icon and in the drop-down select "Change Settings"
      Changesettings.jpg
    2. Choose "Scheduled Task" or "Create a policy" and then select the Antivirus Settings that contain the correct "download from" option and select OK.
    3. This will create a Scheduled Task with the name you specified for the Change Settings task.
    4. You can now drag the target computers to this task and start it at the desired time.

     

    This can also be done on a per-client basis by going to the Run line on a client and typing "Vulscan /changesettings /showui".

     

    For further information regarding Standalone Antivirus Agent installations, see this article:

     

    http://community.landesk.com/support/docs/DOC-6829

    About incompatible products that can be removed during Ivanti Antivirus installation

    About Ivanti Antivirus Incompatible Software


    Description

     

    When installing any security software it is important to ensure compatibility between other security products that may be installed on the system. This document provides details on how to determine if there are known compatibility issues before deploying Ivanti Antivirus.

     

    Incompatible Products

     

    To see a list of products that are incompatible with the version of your core server you can review the incompatible.txt file found in the %LDMS_HOME%\ldlogon\avclient\install\setup.

     

    Ivanti Antivirus is based on Kaspersky Endpoint Security 10.

     

    A full list of incompatible products is available here: List of applications incompatible with Kaspersky Endpoint Security 10 for Windows

     

     

    Log Detection of Incompatible Products

     

    If the install of LANDESK Antivirus finds incompatible software, it will be logged in the kl-setup-{date}.log file from the %temp% directory.

    3768:0e9c 09:20:18.772 *** DetectFilter: found alien softaware Symantec LiveUpdate ***

    3768:0e9c 09:20:18.808 *** Cleaner: EnumCompetitorSoftware type 1. Following software should be removed before installation might be continued 'Symantec LiveUpdate'. Error code: 1. ***
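A parser for the two kl-setup log entries shown above, as an added example (not Ivanti or Kaspersky code): it lists every product the installer detected and marks those the Cleaner entry says must be removed before installation can continue. The Symantec LiveUpdate lines are the article's excerpt; the other sample lines and all function names are constructed for illustration.

```python
import re

# The Symantec LiveUpdate lines are the excerpt quoted in the article;
# the first and last lines are constructed for this example.
SAMPLE_KL_SETUP_LOG = """\
3768:0e9c 09:20:18.101 Starting compatibility check
3768:0e9c 09:20:18.772 *** DetectFilter: found alien softaware Symantec LiveUpdate ***
3768:0e9c 09:20:18.808 *** Cleaner: EnumCompetitorSoftware type 1. Following software should be removed before installation might be continued 'Symantec LiveUpdate'. Error code: 1. ***
3768:0e9c 09:20:19.015 *** DetectFilter: found alien softaware AtGuard 3.2 ***
"""

# "<hex>:<hex> HH:MM:SS.mmm <body>"
ENTRY_RE = re.compile(
    r"^\s*(?P<pid>[0-9a-fA-F]+):(?P<tid>[0-9a-fA-F]+)\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<body>.*\S)\s*$"
)
# "softaware" is spelled this way in the installer's own output.
DETECT_RE = re.compile(
    r"DetectFilter: found alien softaware (?P<name>.+?)\s*\*\*\*$")
CLEANER_RE = re.compile(
    r"Cleaner: EnumCompetitorSoftware type (?P<type>\d+)\..*?"
    r"'(?P<name>[^']+)'\. Error code: (?P<code>\d+)\."
)


def _blank_record():
    return {"detected_at": None, "removal_required": False, "error_code": None}


def incompatible_products(log_text):
    """Map each product name found in the log to what the installer said
    about it. Lines that are not DetectFilter/Cleaner entries are ignored."""
    products = {}
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        body = entry.group("body")

        hit = DETECT_RE.search(body)
        if hit:
            rec = products.setdefault(hit.group("name"), _blank_record())
            if rec["detected_at"] is None:
                rec["detected_at"] = entry.group("time")
            continue

        hit = CLEANER_RE.search(body)
        if hit:
            rec = products.setdefault(hit.group("name"), _blank_record())
            rec["removal_required"] = True
            rec["error_code"] = int(hit.group("code"))
    return products


def needs_manual_removal(log_text):
    """Names the Cleaner entry flagged, sorted for stable reporting."""
    return sorted(name for name, rec in incompatible_products(log_text).items()
                  if rec["removal_required"])


if __name__ == "__main__":
    for name, rec in incompatible_products(SAMPLE_KL_SETUP_LOG).items():
        print(name, rec)
```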

            

    Incompatible Products removed during Ivanti Antivirus install

     

    When performing an install of LDAV, a preliminary check for incompatible software/products will occur as outlined above. If possible, these products will be uninstalled. In some circumstances, the LDAV installation may not be able to remove the application. If this occurs, the 3rd party software will need to be removed by other means. Below is a list of products that the LDAV install will attempt to remove:

     

    • Acer LANScope Agent 2.2.25.84 x64
    • Acer LANScope Agent 2.2.25.84
    • Ad-Aware 9.6.0
    • Adaptive Security Analyzer 2.0
    • AEC TrustPort Antivirus 2.8.0.2237
    • AEC TrustPort Personal Firewall 4.0.0.1305
    • AhnLab V3 Internet Security 8.0
    • AhnLab V3 Internet Security 8.0 x64
    • AhnLab SpyZero 2007 and SmartUpdate
    • AhnLab V3 Internet Security 7.0 Platinum Enterprise x64
    • AhnLab V3 Internet Security 7.0 Platinum Enterprise
    • Alyac Antivirus x64
    • Alyac Antivirus
    • Avira AntiVir PersonalEdition Classic 7 - 8
    • ArcaVir Antivir/Internet Security 09.03.3201.9
    • ArcaVir Antivir/Internet Security 09.03.3201.9 x64
    • Ashampoo Anti-Malware 1.11
    • Ashampoo AntiSpyware 2 v 2.05
    • Ashampoo AntiVirus
    • AtGuard 3.2
    • Authentium Command Anti-Malware v 5.0.9
    • Authentium Command Anti-Malware v 5.1.0
    • Authentium Command Anti-Malware v 5.0.5
    • Authentium Safe Central 3.0.2.3236.3236
    • ALWIL Software Avast 4.7
    • AVG 2011
    • AVG 2011 x64
    • AVG 2012.0.1913 x64
    • AVG 2012.0.1913 x86
    • AVG 2012 Free 2012.0.1901 x64
    • AVG 2012 Free 2012.0.1901
    • AVG 2012 x64
    • AVG 2012 x86
    • Grisoft AVG 8.5 Free
    • Grisoft AVG 8.5 Free 64-bit
    • Grisoft AVG 8.5
    • Grisoft AVG 8.5 64-bit
    • Grisoft AVG 8.x
    • Grisoft AVG LinkScanner® 8.5
    • Grisoft AVG LinkScanner® 8.5 x64
    • Grisoft AVG 8.x x64
    • AVG 9.0
    • AVG 9.0 x64
    • AVG AntiVirus/Internet Security 2011
    • AVG Anti-Virus Business Edition x64
    • AVG Anti-Virus Business Edition 2012
    • AVG Anti-Virus 2013 13.0.2793 x64
    • AVG Anti-Virus 2013 13.0.2793 x86
    • AVG Free 9.0
    • AVG Free 9.0 x64
    • AVG Anti-Virus FREE 2013 13.0.0.2654 x64
    • AVG Anti-Virus FREE 2013 13.0.0.2654 x86
    • Grisoft AVG 7.x
    • AVG Identity Protection 8.5
    • Avira Free Antivirus 13.0.0.2693 / Avira Antivirus Premium 13.0.0.2693
    • Avira Free Antivirus 12.0.0.207
    • Avira AntiVir Personal - Free Antivirus 10.0.0.565
    • Avira AntiVir Personal - Free Antivirus 10.0.0.567
    • Avira AntiVir Professional 10.2.0.700
    • Avira AntiVir Personal - Free Antivirus 10.2.0.703
    • Avira AntiVir Personal - Free Antivirus 10.2.0.83
    • Avira AntiVir Personal - Free Antivirus 10.2.0.98
    • Avira AntiVir Personal - Free Antivirus 10.00.00.36
    • Avira AntiVir Personal - Free Antivirus 12.0.0.1125
    • Avira AntiVir Personal - Free Antivirus 12.0.0.1167
    • Avira AntiVir Personal - Free Antivirus 12.0.0.144
    • Avira AntiVir Personal - Free Antivirus 12.0.0.254 / Avira Professional Security 12.0.0.254
    • Avira Free Antivirus 12.0.0.323
    • Avira AntiVir Personal - Free Antivirus 12.0.0.861
    • Avira AntiVir Personal - Free Antivirus 8.0 - 10.0 \ Avira Professional Security 12
    • Avira Antivirus Premium 2012 - 2013
    • Avira AntiVir Premium / Avira Premium Security Suite 2010
    • Avira Internet Security 2012 - 2013
    • Avira AntiVir PersonalEdition Premium 7.06
    • Avira AntiVir Professional 10
    • Avira AntiVir Professional 10.2
    • Avira AntiVir Server 10.0.0.1824
    • Avira AntiVir Server/Desktop 12.0.0.1236
    • Avira Endpoint Security 2.6
    • Avira Free Antivirus 12.0.0.125
    • Avira Professional Security 12.1.9.1577
    • Avira AntiVir Premium
    • Avira Premium Security Suite
    • Avira Premium Security Suite x64
    • Avira Professional Security 12.1.9.1580
    • Avira Professional Security 12.0.0.101 Turkish
    • Avira Professional Security 12.0.0.131 Brazil
    • Avira Professional Security 12.0.0.1506 German
    • Avira Professional Security 12.0.0.163 French
    • Avira Professional Security 12.0.0.186 Italian
    • Avira Professional Security 12.0.0.208 Spanish
    • Avira Professional Security 12.0.0.97 Dutch
    • Avira Server Security (generic)
    • Avira Management Console Agent \ Avira Professional Security Management agent (x64)
    • Avira Management Console Agent \ Avira Professional Security Management agent (x86)
    • Kaspersky AntiViral Toolkit Pro
    • Kaspersky AntiViral Toolkit Pro (Silent uninstall)
    • Kaspersky Anti-Virus driver AVPG (9x)
    • Kaspersky Anti-Virus driver AVPG
    • Virus Removal Tool Driver x64
    • Virus Removal Tool Driver
    • BitDefender Antivirus Plus 10.247
    • BitDefender Antivirus 2008
    • BitDefender Antivirus 2009 12.0.10
    • BitDefender 2009 12.0.11.5
    • BitDefender Client Professional Plus 8.0.2
    • BitDefender DeploymentTool Agent 3.5.2.242
    • BitDefender Antivirus Plus 10
    • BitDefender 2011 14.0.29 x64
    • BitDefender 2011 14.0.29 x86
    • Bitdefender 2012 15.0.36
    • BitDefender Standard Edition 7.2 (Fr)
    • Bit Defender Professional Edition 7.2 (Fr)
    • BitDefender 8 Professional Plus
    • BitDefender 8 Professional (Fr)
    • BitDefender 8 Standard
    • BitDefender 8 Standard (Fr)
    • BitDefender 9 Professional Plus
    • BitDefender 9 Standard
    • BitDefender Business Client 11.0.20
    • BitDefender Business Client 11.0.22
    • BitDefender Business Client 3.5.1.0/3.5.2.153
    • BitDefender Business Client 11
    • BitDefender for FileServers 2.1.11
    • BitDefender Free Edition 2009 12.0.12.0
    • BitDefender Total Security 2008 11.0.14
    • BitDefender Internet Security 2009
    • BitDefender Internet Security 2010
    • BitDefender Internet Security 2011 14.0.28 x64
    • BitDefender Internet Security 2011 14.0.28 x86
    • BitDefender Management Agent 3.1.8
    • BitDefender Management Agent 3.1.9
    • BitDefender Management Agent 3
    • BitDefender Security for Windows Servers 3.5.17
    • BitDefender Internet Security 2008
    • BitDefender Internet Security v10.108
    • BitDefender Internet Security 2009 12.0.8
    • BitDefender 2009 Internet Security 12.0.11.5
    • BitDefender Management Agent 3.0.5
    • BitDefender Total Security 2008
    • BitDefender 2009 Total Security 12.0.11.5
    • BitDefender 2010 Total Security 13.0.21
    • CA AntiVirus 2008
    • CA Anti-Virus Plus 7
    • CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1
    • CA Anti-Virus r8.1 / CA eTrustITM Agent r8.1 x64
    • CA eTrust AntiVirus 7
    • CA eTrust Antivirus 7.1.0194
    • eTrust AntiVirus 7.1.194
    • CA eTrust AntiVirus 7.1
    • CA eTrust AntiVirus 7.1.0192
    • CA eTrustITM 8.1.637
    • CA eTrustITM 8.1
    • CA eTrustITM 8.1.637 for Windows 2003
    • CA eTrustITM 8.1.637 for Windows 2003 (x64)
    • CA eTrustITM 8.1.00
    • CA eTrustITM Agent 8.0.403
    • CA eTrust ITM 8.1 and iGateWay 4.2.0.2
    • CA eTrust Pestpatrol 5.0
    • CA HIPS Managed Client 1.0
    • CA eTrust InoculateIT 6.0
    • CA eTrust Suite Personal 2008
    • CA Licensing 1.57.1
    • CA PC Security Suite 6.0 \ Private PC Security Suite 6.0
    • CA PC Security Suite 6.0.00
    • CA Total Defense R12 Client 12.0.831
    • CA Total Defense R12 Client 12.0.831 x64
    • CA Total Defense R12 Client
    • CA Total Defense R12 Client x64
    • CA Total Defense for Business v14
    • CA Total Defense for Business v14 x64
    • CheckPoint VPN client 75.10
    • CheckPoint VPN client R75
    • Cipafilter Client Tools 0.952
    • ClamWin Free Antivirus x64
    • ClamWin Free Antivirus
    • Authentium Command AV 4.90.x / 4.92.x
    • Command AntiVirus for Windows Enterprise 4.94.5
    • Command AntiVirus for Windows 4.94.5
    • Authentium Command AV 4.94.9
    • Command AntiVirus for Windows Enterprise 4.95.2
    • Command AntiVirus for Windows 4
    • Command Anti-Malware for Enterprise 5.1.12
    • Comodo AntiSpam 2.6.0.0
    • Comodo AntiSpam 2.6.0.0 x64
    • Comodo AntiSpam 2.7.0.11
    • Comodo BOClean 4.25
    • COMODO Firewall Pro 1.0 - 3.x
    • Comodo Internet Security 3
    • Comodo Internet Security 4.0.4167.742/4.0.10770.828
    • Comodo Internet Security 5.9
    • Comodo Internet Security 5.0
    • Password Manager XP 3
    • CyberDefender Early Detection Center 5
    • DrWeb for Windows 4.30
    • Dr.Web Enterprise Server 6.00
    • Dr.Web Enterprise Server 6.00 (x64)
    • Dr.Web CommuniGate Plugin 4.33
    • Dr.Web Enterprise Server 6.00.11300
    • Dr.Web Enterprise Agent
    • DrWeb Enterprise Client ver 5,6
    • DrWeb Enterprise Client ver 5,6 x64
    • Dr.Web Enterprise Server (x64). 6.01.09160
    • Dr.Web AntiVirus for Windows Servers 4.33
    • PeoplePC Internet Security 1.5
    • PeoplePC Internet Security Pack / EarthLink Protection Center
    • eScan Corporate 2.0.016.1
    • Emsisoft Anti-Malware 5.1
    • eScan Anti-Virus (AV) for Windows 9.0
    • eScan Anti-Virus for SMB 10.0.962.356 DB
    • eScan Anti-Virus Edition 10.0.962.356 DB
    • eScan Corporate 10.0.962.356 DB
    • eScan Internet Security Suite 9.0 for Windows
    • eScan IIS for SMB 10.0.997.491 DB
    • eScan Virus Control (VC) Edition for Windows
    • ESET NOD32 Antivirus 3.0.669 EN
    • ESET NOD32 Antivirus 3.0.669 Turkey
    • ESET NOD32 Antivirus 3.0.684 x64
    • ESET NOD32 Antivirus 3.0.684
    • ESET NOD32 3.x & 4.x & 5.x generic script
    • ESET NOD32 3.x & 4.x & 5.x generic script (x64)
    • ESET Smart Security 4.0.417 x64
    • ESET Smart Security 4.0.437 x64
    • ESET NOD32 Antivirus 4.0.441
    • ESET NOD32 4.0.467,4.0.627
    • ESET NOD32 Antivirus 4.0.467 Rus
    • ESET NOD32 4.0.468 EN
    • ESET NOD32 Antivirus 4.0.474
    • ESET NOD32 Antivirus 4.0.474 PL
    • ESET NOD32 Antivirus 4.0.474 Spanish
    • ESET NOD32 Antivirus 4.0.474 x64
    • ESET NOD32 4.2.71.2 fr
    • ESET NOD32 4.2.71.2 fr x64
    • ESET NOD32 Antivirus 3.0.684.0 RUS
    • ESET Antivirus 3.0.672.0 Spanish
    • ESET Antivirus 3.650 x64 German
    • ESET Antivirus 3.650 x64
    • ESET Antivirus 3.650 x64 Rus
    • ESET Endpoint Antivirus 5.0.2122.10
    • Eset Endpoint Antivirus 5.0.2126.0 x64
    • Eset Endpoint Antivirus 5.0.2126.3 x64 IT
    • Eset Endpoint Antivirus 5.0.2126.0 x86
    • Eset Endpoint Antivirus 5.0.2126.3 x86 IT
    • ESET Smart Security 4.2.40.10 x64
    • ESET NOD32 Antivirus 4.0.424.0 RUS
    • ESET NOD32 Antivirus 4.0.474.0
    • ESET NOD32 Antivirus 4.0.314 Russian
    • ESET NOD32 Antivirus 4.0.314 x64 Spanish
    • ESET NOD32 Antivirus 4.0.314.0
    • ESET NOD32 Antivirus 4.0.314.0 x64
    • ESET Smart Security 4.0.424.0 x64 Spanish
    • ESET Smart Security 4.0.314.0
    • ESET Smart Security 4.0.314.0 x64
    • Eset NOD32 Antivirus 3.0.669.0 china
    • ESET NOD32 Antivirus 3.0.672.0 RU
    • ESET Antivirus 3.0.642.0 eng
    • ESET NOD32 Antivirus 3.0.551.0
    • ESET NOD32 Antivirus 3.0.563.0
    • ESET NOD32 Antivirus 3.0.621
    • ESET Antivirus 3.642 German
    • ESET NOD32 Antivirus 3.0.645 Spanish
    • ESET Antivirus 3.650
    • ESET Antivirus 3.650 Rus
    • ESET NOD32 Antivirus 3.0.644.0 Traditional Chinese
    • ESET NOD32 Antivirus 3.0.667.0
    • ESET NOD32 Antivirus 3.0.669.0 Traditional Chinese
    • ESET NOD32 Antivirus 3.0.669.0 French
    • ESET NOD32 Antivirus 3.0.669 Spanish
    • ESET NOD32 Antivirus Brazilian 3.0.672
    • ESET Antivirus 3.0.672.0 English
    • ESET NOD32 Antivirus 3.0.672.0 FRA
    • ESET NOD32 Antivirus 3.0.684.0
    • ESET NOD32 Antivirus 3.0.695.0 Traditional Chinese
    • ESET NOD32 Antivirus 3.0.695
    • ESET NOD32 Antivirus 3.0.695 Spanish
    • ESET NOD32 Antivirus 3.0.695 x64 Spanish
    • Eset NOD32 Antivirus 4.0.474.0 x64 german
    • Eset NOD32 Antivirus 4.0.474.0 x86 german
    • ESET NOD32 Antivirus 4.2.35
    • ESET NOD32 Antivirus 4.2.35 x64
    • ESET NOD32 Antivirus 4.2.40.10 Brazil
    • ESET NOD32 Antivirus 4.2.40.10 Business Edition x86
    • ESET NOD32 Antivirus 4.2.40.10 FRA
    • ESET NOD32 Antivirus 4.2.40.10 FRA x64
    • ESET NOD32 Antivirus 4.2.40 Spanish
    • ESET NOD32 Antivirus 4.2.40.10 x64 Brazil
    • ESET NOD32 Antivirus 4.2.40.10 x64 Spanish
    • ESET NOD32 Antivirus 4.2.40
    • ESET NOD32 Antivirus 4.2.40 x64
    • ESET NOD32 Antivirus 4.2.42.0 x64
    • ESET NOD32 Antivirus 4.2.42.0
    • ESET NOD32 Antivirus 4.2.58
    • ESET NOD32 Antivirus 4.2.64
    • ESET NOD32 Antivirus 4.2.64 x64
    • ESET NOD32 Antivirus 4.2.64 x64 Spanish
    • ESET NOD32 Antivirus 4.2.67.10 Traditional Chinese
    • ESET NOD32 Antivirus 4.2.67.10 Traditional Chinese (x64)
    • ESET NOD32 Antivirus 4.2.67.10 x32 English
    • ESET NOD32 Antivirus 4.2.67.10 x64 English
    • ESET NOD32 Antivirus 4.2.67 Spanish
    • ESET NOD32 Antivirus 4.2.67 x64 Spanish
    • ESET NOD32 Antivirus 4.2.71.2 Traditional Chinese
    • ESET NOD32 Antivirus 4.2.71.2 Traditional Chinese (x64)
    • ESET NOD32 Antivirus 4.2.71.2
    • ESET NOD32 Antivirus 4.2.71.2 x64
    • ESET NOD32 Antivirus 4.2.71.3 x86
    • ESET NOD32 Antivirus 4.2.71.3 x64 ita
    • ESET NOD32 Antivirus 4.2.71.3 x64
    • ESET NOD32 Antivirus 4.2.71
    • ESET NOD32 Antivirus 4.2.71 Spanish
    • ESET NOD32 Antivirus 4.2.71 x64
    • ESET NOD32 Antivirus 4.2.71 x64 Spanish
    • ESET NOD32 Antivirus 4.2.76.1 Ru
    • ESET NOD32 Antivirus 4.2.76.1 Rus
    • ESET NOD32 Antivirus 4.2.76 Spanish
    • ESET NOD32 Antivirus 4.2.76 x64 Spanish
    • ESET NOD32 Antivirus 4.0.314 Spanish
    • ESET NOD32 Antivirus 4.2.64 Spanish
    • ESET NOD32 Antivirus 4.0.417.0 FRA
    • ESET NOD32 Antivirus 4.0.417 Spanish
    • ESET NOD32 Antivirus 4.0.417
    • ESET NOD32 Antivirus 4.0.424.0 Spanish
    • ESET NOD32 Antivirus 4.0.424.0 x64 Spanish
    • ESET NOD32 Antivirus 4.0.437.0
    • ESET NOD32 Antivirus 4.0.437 Spanish
    • ESET NOD32 Antivirus 4.0.467.0 Traditional Chinese
    • ESET NOD32 Antivirus 4.0.467.0 Traditional Chinese (x64)
    • ESET NOD32 Antivirus 4.0.467 Spanish
    • ESET NOD32 Antivirus 4.0.467 x64 Spanish
    • ESET NOD32 Antivirus 4.0.474.10 Traditional Chinese
    • ESET NOD32 Antivirus 4.0.474.10 Traditional Chinese (x64)
    • Eset NOD32 Antivirus 5.2.9.12 x64 german
    • Eset NOD32 Antivirus 5.2.9.12 x64 spanish
    • Eset NOD32 Antivirus 5.2.9.12 x64 french
    • Eset NOD32 Antivirus 5.2.9.12 x86 german
    • Eset NOD32 Antivirus 5.2.9.12 x86 spanish
    • Eset NOD32 Antivirus 5.2.9.12 x86 french
    • Eset NOD32 Antivirus 5.2.9.12 x86 IT
    • Eset NOD32 Antivirus 5.2.9.1 x64
    • Eset NOD32 Antivirus 5.2.9.1 x86
    • Eset NOD32 Antivirus 6.0.306.2 x64 russian
    • Eset NOD32 Antivirus 6.0.306.2 x86 russian
    • ESET NOD32 Antivirus Business Edition 3.0.650.0 Spanish
    • ESET NOD32 Antivirus Business Edition 4.0.424.0
    • Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x64
    • Eset Nod32 Antivirus Business Edition 4.2.71.2 / 4.2.76.0 x32
    • ESET Remote Administrator Console 2.0.29
    • ESET Remote Administrator Console 3.0.105
    • ESET Remote Administrator Server 3.0.105
    • ESET Smart Security 3.0.645 Spanish
    • ESET Smart Security German
    • ESET Smart Security
    • ESET Smart Security Rus
    • ESET Smart Security 3.0.667 Spanish
    • ESET Smart Security 3.0.672 English
    • ESET Smart Security 3.0.672.0 Spanish
    • ESET Smart Security 3.0.695 Spanish
    • ESET Smart Security 3.0.695 x64 Spanish
    • ESET Smart Security 4.0.437.0 PL
    • ESET Smart Security 4.2.22.0 x64
    • ESET Smart Security 4.2.40
    • ESET Smart Security 4.2.64
    • ESET Smart Security 4.2.64 Spanish
    • ESET Smart Security 4.2.64 x64
    • Eset Smart Security 4.2.71.2 x64 german
    • Eset Smart Security 4.2.71.2 x86 german
    • ESET Smart Security 4.2.71
    • ESET Smart Security 4.2.71 Spanish
    • ESET Smart Security 4.2.71 x64
    • ESET Smart Security 4.2.71 x64 Spanish
    • ESET Smart Security 4.2.76.0 x64
    • ESET Smart Security 4.2.76.0
    • ESET Smart Security 4.2.76.1
    • ESET Smart Security 4.2.76.1 x64
    • ESET Smart Security 4.2.76 Spanish
    • ESET Smart Security 4.0.314.0 PL
    • ESET Smart Security 4.0.314.0 Spanish
    • ESET Smart Security 4.0.417.0 Spanish
    • ESET Smart Security 4.0.424.0 PL
    • ESET Smart Security 4.0.424.0 Spanish
    • ESET Smart Security 4.0.437.0 Spanish
    • ESET Smart Security 4.0.467.0
    • ESET Smart Security 4.0.467 Spanish
    • ESET Smart Security 4.0.474 Spanish
    • ESET Smart Security 4.0.417.0 Fr
    • ESET Smart Security 4.0.437.0 Fr
    • ESET Smart Security 4.0.424.0 Fr
    • Eset Smart Security 5.0.95.0 x64 turkish
    • Eset Smart Security 5.0.95.0 x86 turkish
    • Eset Smart Security 5.0.95 x64 german
    • Eset Smart Security 5.0.95 x86 german
    • Eset Smart Security 5.2.15.0 x64
    • Eset Smart Security 5.2.15.0 x86
    • Eset Smart Security 5.2.15.1 x64 german
    • Eset Smart Security 5.2.15.1 x64 spanish
    • Eset Smart Security 5.2.15.1 x64 french
    • Eset Smart Security 5.2.15.1 x64 russian
    • Eset Smart Security 5.2.15.1 x86 german
    • Eset Smart Security 5.2.15.1 x86 spanish
    • Eset Smart Security 5.2.15.1 x86 french
    • Eset Smart Security 5.2.15.1 x86 russian
    • Eset Smart Security 5.0.9.12 x64 german
    • Eset Smart Security 5.0.9.12 x64 spanish
    • Eset Smart Security 5.0.9.12 x64 french
    • Eset Smart Security 5.0.9.12 x86 german
    • Eset Smart Security 5.0.9.12 x86 spanish
    • Eset Smart Security 5.0.9.12 x86 french
    • Eset Smart Security 5.2.9.12 x86 turkish
    • Eset Smart Security 5.0.9.1 x64
    • Eset Smart Security 5.0.9.1 x86
    • Eset Smart Security 6.0.306.2 x64 russian
    • Eset Smart Security 6.0.306.2 x86 russian
    • ESET Smart Security x64 Ger
    • ESET Smart Security x64
    • ESET Smart Security x64 Rus
    • eTrust EZ Antivirus 6.1
    • eTrust EZ Firewall 6.1.7.0
    • CA eTrust Anti-Virus 7.1.0194
    • eTrust Anti-Spam 2005
    • eTrust EZ Antivirus 2005-2008
    • eTrust Personal Firewall 5.5.114
    • eEye Digital Security Blink 4
    • Trust EZ Firewall 5.1.039
    • Filseclab Personal Firewall
    • Microsoft Forefront Client Security Antimalware Service 1.5.1973
    • Microsoft Forefront Client Security Antimalware Service 1.5.1981.0
    • Microsoft Forefront Client Security Antimalware Service 1.5.1941
    • FortiClient 3
    • FortiClient 4.0.4.0061
    • FortiClient 4.0.4.0061 x64
    • FortiClient Endpoint Security 4
    • F-PROT Antivirus 6.0.9.1
    • F-PROT Antivirus 6.0.9.1 x64
    • F-PROT Antivirus for Windows 6
    • F-PROT Antivirus for Windows 6.0.7.1
    • F-Prot for Windows 3.14
    • F-Secure antivirus for workstation 9.10
    • F-Secure antivirus for workstation 9.20
    • F-Secure Client Security - Virus & Spy Protection
    • F-Secure Client Security 8.01
    • F-Secure Client Security 9.01
    • F-Secure Client Security 9.10
    • F-Secure Client Security 9.11
    • F-Secure Client Security 9.20
    • F-Secure Client Security 9.30
    • F-Secure Client Security 9.31
    • F-Secure Client Security 9.32
    • F-Secure Client Security 9.00/2010/2011
    • F-Secure Internet Security 2012
    • F-Secure Anti-Virus 2006
    • F-Secure Anti-Virus/Internet Security 2008
    • F-Secure Anti-Virus/Internet Security 2009
    • F-Secure Anti-Virus 5-6
    • F-Secure Client Security 7.11
    • F-Secure Anti-Virus for Workstations 9.0 + DeepGuard
    • F-Secure Anti-Virus for Workstations 9.0
    • F-Secure Anti-Virus for Workstations - Virus & Spy Protection 2009
    • F-Secure Anti-Virus / STREAM Antivirus 9.20 / F-Secure Antivirus for workstation 9.01
    • F-Secure Anti-Virus for Windows Servers 7.20
    • F-Secure Anti-Virus for Windows Servers 7.01
    • F-Secure Anti-Virus for Windows Servers 8.00 build 123
    • G DATA AntiVirus 19.0.0.53
    • G DATA AntiVirus 2010
    • G DATA AntiVirus 2012
    • G DATA AntiVirus Client
    • G DATA InternetSecurity 2008
    • G DATA AntiVirusKit 2005
    • G DATA Internet Security 19.0.0.53
    • G DATA InternetSecurity 2010
    • G DATA InternetSecurity 2011
    • G DATA Total Care 19.0.0.53
    • G DATA TotalCare 2010
    • VIPRE Antivirus
    • VIPRE Internet Security
    • Zone Labs IMsecure 1.5.0.39
    • Integrity Flex 5
    • Iolo Personal Firewall 1.5.2
    • IObit Malware Fighter
    • IObit Security 360
    • InfoWatch CryptoStorage (2.1.36)
    • K7AntiVirus 7.0
    • K7TotalSecurity 9.5
    • K7TotalSecurity 10
    • Kaspersky Anti-Hacker 1.0-1.5
    • Kaspersky Anti-Hacker 1.0-1.5 (Silent uninstall)
    • Kaspersky Anti-Hacker 1.7-1.9
    • Kaspersky Anti-Hacker 1.7-1.9 (Silent uninstall)
    • Kaspersky Anti-Virus 4.x
    • Kaspersky Anti-Virus 4.x (Silent uninstall)
    • Kaspersky Anti-Spam Personal 1.1-1.2
    • Kaspersky Anti-Spam Personal 1.1-1.2 (Silent uninstall)
    • Kaspersky Anti-Spam Personal 1.0
    • Kaspersky Anti-Spam Personal 1.0 (Silent uninstall)
    • Kaspersky Anti-Virus 5.0 for Windows File Servers
    • Kaspersky Anti-Virus 5.0 for Windows File Servers (Silent uninstall)
    • Kaspersky Anti-Virus Lite 4.5
    • Kaspersky Anti-Virus Lite 4.5 (Silent uninstall)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.372 - 5.0.712) (Silent uninstall)
    • Kaspersky Anti-Virus Personal Pro 5.0 (5.0.16 - 5.0.20) (Silent uninstall)
    • Kaspersky Anti-Virus Personal 5.0
    • Kaspersky Anti-Virus Personal 5.0 (Silent uninstall)
    • Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225)
    • Kaspersky Anti-Virus for Windows Workstation 5.0 (5.0.145 - 5.0.225) (Silent uninstall)
    • Kerio Personal Firewall 4.1.2
    • Kerio Personal Firewall 4.2.3
    • Kerio WinRoute Firewall 6.0
    • Kerio Personal Firewall 6.7.1
    • Kerio Personal Firewall 6.7.6
    • Kerio Personal Firewall 6.7.6 x64
    • Kerio Personal Firewall 2.1.5
    • Kaspersky Anti-Virus driver KL1
    • KLFLTDEV Upper Filter
    • Kaspersky Anti-Virus driver KLFLT
    • Kaspersky Anti-Virus driver KLICK (9x)
    • Kaspersky Anti-Virus driver KLICK
    • Kaspersky Anti-Virus driver KLIF
    • Kaspersky Anti-Virus driver KLIF detected by registry
    • Kaspersky Anti-Virus driver KLIN (9x)
    • Kaspersky Anti-Virus driver KLIN
    • Kaspersky Anti-Virus driver KLMC (9x)
    • Kaspersky Anti-Virus driver KLMC
    • Kaspersky Anti-Virus driver KLOP (9x)
    • Kaspersky Anti-Virus driver KLOP
    • Kaspersky Anti-Virus driver KLPF (9x)
    • Kaspersky Anti-Virus driver KLPF
    • Kaspersky Anti-Virus driver KLPID (9x)
    • Kaspersky Anti-Virus driver KLPID
    • LANDesk Antivirus 8
    • Lavasoft Personal Firewall x32
    • Lavasoft Personal Firewall x64
    • Lavasoft Personal Firewall 1.0
    • Lightspeed Systems Security Agent 6.0
    • Lightspeed Systems Security Agent 6.2.0
    • Lightspeed Security Agent 7.01.02
    • Lightspeed Security Agent 7.01.03
    • Lightspeed Security Agent 7.02.01
    • Lightspeed Security Agent 7.02.03
    • Lightspeed Security Agent 8.00.01
    • Lightspeed Security Agent (x64) 8.00.01
    • Lightspeed Security Agent 8.00.02
    • Lightspeed Security Agent 8.00.03
    • Lightspeed Security Agent 8.01.02
    • Lightspeed Security Agent 8.01.04
    • Lightspeed Security Agent 8.02.01
    • Lightspeed Security Agent 8.02.01 x64
    • Lightspeed Security Agent 8.02.02
    • Lightspeed Security Agent 8.02.02 x64
    • Lightspeed Security Agent 8.02.04
    • Lightspeed Security Agent 8.02.04 x64
    • Lightspeed Security Agent 8.02.05
    • Lightspeed Security Agent 7
    • Loaris Trojan Remover 1.2
    • Look 'n' Stop Firewall 2.06
    • AdAware 7-8
    • McAfee Agent 4.0
    • McAfee Agent 4.0.0.1496
    • McAfee Agent (generic)
    • McAfee Alert Manager 4.7.1
    • McAfee AntiSpyware Enterprise 8.5
    • McAfee Anti-Spyware Enterprise Module
    • McAfee Desktop Firewall 8.0 / 8.5
    • McAfee Firewall 4
    • McAfee Firewall Protection Service 5.2.0.603
    • McAfee Personal Firewall Plus 7
    • McAfee Host Intrusion Prevention 8.00.0202 x64
    • McAfee Host Intrusion Prevention 8.00.0202 x86
    • McAfee Firewall Protection Service 8.2.120
    • McAfee SiteAdvisor 2.x
    • McAfee Virus and Spyware Protection Service 5.2.2.121
    • McAfee Virus and Spyware Protection Service 5.2.2.104
    • McAfee Virus and Spyware Protection Service
    • McAfee Security Center 10.0.587
    • McAfee SiteAdvisor
    • McAfee SiteAdvisor Enterprise Plus 3.0.0.476
    • McAfee Site Advisor 3.0.163
    • McAfee Total Protection 10.5.178
    • McAfee Total Protection 11.0.623 build 12.0.129.0
    • McAfee Total Protection Service 4.9.2.358
    • McAfee VirusScan Enterprise 7.1.0
    • McAfee VirusScan Home Edition
    • McAfee VirusScan 4.5.1
    • McAfee VirusScan Enterprise 7.0 German
    • McAfee VirusScan Enterprise 7.0
    • McAfee VirusScan Enterprise 7.1 German
    • McAfee VirusScan Enterprise 7.1 French
    • McAfee VirusScan Enterprise 7.1
    • McAfee VirusScan Enterprise 8.0 German
    • McAfee VirusScan Enterprise 8.0
    • McAfee VirusScan Enterprise 8.0 italian
    • McAfee VirusScan Enterprise 8.0 Spanish
    • McAfee VirusScan Enterprise 8.5.0i
    • McAfee VirusScan 4.5.1 Simplified Chinese
    • McAfee VirusScan 4.5.1 Traditional Chinese
    • McAfee VirusScan 4.5.1 Dutch
    • McAfee VirusScan 4.5.1 French
    • McAfee VirusScan 4.5.1 German
    • McAfee VirusScan 4.5.1 Italian
    • McAfee VirusScan 4.5.1 Korean
    • McAfee VirusScan 4.5.1 Polish
    • McAfee VirusScan 4.5.1 Portuguese
    • McAfee VirusScan 4.5.1 Spanish
    • McAfee VirusScan 4.5.1 Swedish
    • McAfee VirusScan Enterprise 8.0i French
    • McAfee VirusScan Enterprise 8.0.0
    • McAfee Virus Scan Enterprise 8.0.0 Patch 10
    • McAfee VirusScan Enterprise 8.7.0i
    • McAfee VirusScan Enterprise 8.8.0
    • Microsoft Forefront Client Security Antimalware Service 1.5.1993
    • Microsoft Forefront Client Security Antimalware Service 1.5.1996
    • Microsoft Forefront Client Security Antimalware Service 1.5.19
    • Microsoft Forefront Client Security Antimalware Service 1.5
    • Microsoft Forefront Client Security State Assessment Service 1.0
    • Microsoft Forefront Server Security 10.0
    • Microsoft Security Client 2.1.1116.0
    • Microsoft Security Essentials 2-4
    • Microsoft Security Essentials 2-4 x64
    • Microsoft Security Essentials Prerelease 4.2.223
    • Microsoft Security Essentials (all versions)
    • Microsoft Security Essentials x64 (all versions)
    • Microsoft AntiSpyware
    • Microsoft System Center 2012 Endpoint Protection x64
    • Symantec Norton AntiVirus 2008
    • Norton AntiVirus Corporate Edition 7.6.0.0000
    • Symantec Norton AntiVirus 2004 Professional
    • Symantec Norton AntiVirus 2005
    • Symantec Norton Internet Security 2005/2006 (8.0.0.64)
    • Symantec Norton Internet Security 2007
    • Eset NOD32 for Windows 2.xx
    • Eset NOD32 for Windows 2.x
    • ESET NOD32 Antivirus rus 3.0.669.0
    • Norman Virus Control 5.9
    • Norman Endpoint Protection 9.0 x32
    • Norman Endpoint Protection 9.0 x64
    • Norman Endpoint Protection 7.20
    • Norman Endpoint Protection 8.10.0300 x64
    • Norman Personal Firewall 1.42
    • Norman Virus Control 5.8
    • Norman Virus Control 2008 5.99
    • Nortel Networks Contivity VPN Client 4.86
    • Symantec AntiVirus 10.0.2.2000
    • Symantec AntiVirus 10.0.6.600
    • Symantec AntiVirus 10.0.1000
    • Symantec AntiVirus 10.1.394
    • Symantec AntiVirus 10.1.5.5000
    • Symantec AntiVirus 10.1.6.6000
    • Symantec AntiVirus 10.1.8.8000
    • Symantec AntiVirus 10.0.359
    • Symantec AntiVirus 10.1.4.4000
    • Norton AntiVirus 5.02 for Windows NT Workstation
    • Norton AntiVirus Corporate Edition 7.5
    • Symantec AntiVirus Corporate Edition 8
    • Symantec AntiVirus Corporate Edition 9.0.4
    • Symantec AntiVirus Corporate Edition 9.0.6
    • Symantec AntiVirus Corporate Edition 9.0.0
    • Norton AntiVirus Corporate Edition 7.0
    • Symantec AntiVirus 10.2.0.276
    • Symantec AntiVirus 10.1.6.6000 for x64
    • Symantec AntiVirus 10.1.5000.5 for x64
    • nProtect Antivirus/Antispyware 2007
    • Agnitum Outpost Firewall 1.0
    • Agnitum Outpost Firewall 1.0 SDK
    • Agnitum Outpost Firewall Pro 2.1
    • Agnitum Outpost Firewall 2.5
    • Agnitum Outpost Firewall 2.x
    • Agnitum Outpost Network Security Client 3.5
    • Agnitum Outpost Antivirus Pro 6
    • Agnitum Outpost Antivirus Pro 6 x64
    • Agnitum Outpost Security Suite Pro 6.0 x64
    • Agnitum Outpost Security Suite Pro 6.0
    • Panda Antivirus 2007/2008 3.01.00
    • Panda AdminSecure 2007-2010
    • Panda Antivirus Pro 2009 - 2013
    • Panda Antivirus Pro 2009 - 2013 x64
    • Panda Cloud Antivirus 2.0.1
    • Panda Client Shield 4.01.10 / Panda Security for Desktops 4.03.10.0000
    • Panda Endpoint Agent 6.20.00.0000
    • Panda Endpoint Protection 5.50.00.0000 x64
    • Panda Endpoint Protection 5.50.00.0000 x86
    • Panda Endpoint Protection 06.20.11.0000 x64
    • Panda Endpoint Protection 06.20.11.0000 x86
    • Panda Global Protection 2012 v5.01.00
    • Panda Internet Security 2009 - 2013 / Panda IS 2012 for Netbooks
    • Panda Platinum Internet Security
    • Panda Security for File Servers 8
    • Panda Security for Desktops 4.50.22
    • Panda Security for Desktops 4.50
    • Panda Security for File Servers 8.50
    • Panda WebAdmin AntiVirus
    • PC-cillin AntiVirus 2002
    • PC Tools Firewall Plus 5.0
    • PC Tools Firewall Plus 3.0 for Windows
    • PC Tools Spyware Doctor 8.0 - 9.0 \ PC Tools Internet Security 8.0
    • Spam Monitor 3.0
    • PrivateFirewall 6-7
    • Quick Heal AnitVirus 2008
    • Quick Heal Total Security 2008
    • SafeGuard PrivateCrypto 2.31.1
    • StarForce SafenSec
    • Sophos AutoUpdate 2.x
    • Sophos Anti-Virus version 4.6.10
    • Sophos Antivirus 4.x
    • Sophos Antivirus 6.x/5.x
    • Sophos Anti-Virus 7.x
    • Sophos Endpoint Security and Control 9.X - 10.x \ Sophos Anti-Virus 10.0.10
    • Sophos Enterprise Console 3.0.0
    • Sophos Enterprise Console 4.5.0
    • Sophos Management Server 5.1 x86
    • Sophos NAC Application Server 3.5.305.0
    • Sophos NAC Application Server 3.5.305.0 x64
    • Agnitum Spam Terrier x64
    • Agnitum Spam Terrier
    • Spybot - Search & Destroy 1.3 & 1.4
    • Spybot - Search & Destroy 1.6.2
    • Sygate Personal Firewall 5
    • Steganos Internet Anonym Pro 7
    • Sunbelt iHate Spam for Outlook 5.3.4347.0
    • Sunbelt Personal Firewall 4.5
    • Sunbelt iHateSpam for Microsoft Outlook 5
    • Subelt iHate Spam 4.0.632
    • Sunbelt personal Firewall 4.6.1861
    • Sunbelt VIPRE 3.0
    • VIPRE Antivirus 4.0.3275
    • VIPRE Antivirus 4.0.3907 / VIPRE GFI Business Agent 5.0
    • VIPRE Antivirus 4.0.3248
    • Sunbelt VIPRE Antivirus and Antispyware 3.2.1881.2
    • SUPERAntiSpyware Free Edition 4.26.0.1002
    • Sygate Personal Firewall 5.5
    • Sygate Personal Firewall 5.0
    • Symantec AntiVirus 10.2.1000.1
    • Symantec AntiVirus 10.2.1000.1 for 64-bit
    • Symantec AntiVirus 10.2.2000.2
    • Symantec AntiVirus 10.2.298.0
    • Symantec AntiVirus 10.2.3.3000
    • Symantec AntiVirus 10.2.4000.4
    • Symantec AntiVirus 10.2.4000.4 x64
    • Symantec Antivirus 10.0.1000.1
    • Symantec AntiVirus 10.0.2000.2 german
    • Symantec Antivirus 10.1.7000.7 x64
    • Symantec Antivirus 10.1.7000.7 x86
    • Symantec Client Security 10.1.5000.5
    • Symantec Client Firewall 8.7.4.79 & Symantec AntiVirus 10.1.4.4000
    • Symantec.cloud - Cloud Agent
    • Symantec.cloud - Endpoint Protection - Desktop 20.1.0.24 x64
    • Symantec.cloud - Endpoint Protection - Desktop 20.1.0.24 x86
    • Symantec.cloud - Endpoint Protection - Server 12.1.1101.401
    • Symantec Client Security 10.1.7000.7
    • Symantec Client Security 10.1.8000.8
    • Symantec Client Security 10.1.9000.9
    • Symantec Client Security 10.1.9000.9 x64
    • Symantec Client Security 10.1.394.0
    • Symantec Client Security 9.0
    • Symantec Endpoint Protection 11.0.5002.333
    • Symantec Endpoint Protection 11.0.5002.333 x64
    • Symantec Endpoint Protection 11.0.6000.550
    • Symantec Endpoint Protection 11.0.6000.550 x64
    • Symantec Endpoint Protection 11.0.6005.562
    • Symantec Endpoint Protection 11.0.6005.562 x64
    • Symantec Endpoint Protection 11.0.6100.645
    • Symantec Endpoint Protection 11.0.6100.645 x64
    • Symantec Endpoint Protection 11.0.6200.754
    • Symantec Endpoint Protection 11.0.6200.754 x64
    • Symantec Endpoint Protection 11.0.6300.803
    • Symantec Endpoint Protection 11.0.6300.803 x64
    • Symantec Endpoint Protection 11.0.700.975
    • Symantec Endpoint Protection 11.0.700.975 x64
    • Symantec Endpoint Protection 11.0.7101.1056
    • Symantec Endpoint Protection 11.0.7101.1056 x64
    • Symantec Endpoint Protection 11.0.7200.1147 x86
    • Symantec Endpoint Protection 11.0.7200.1147 x64
    • Symantec Endpoint Protection 11.0.2000.1567
    • Symantec Endpoint Protection 11.0.3
    • Symantec Endpoint Protection 11.0.3 x64
    • Symantec Endpoint Protection 11.0.4000.2295
    • Symantec Endpoint Protection x64 11.0.4000.2295
    • Symantec Endpoint Protection 11.0.4010
    • Symantec Endpoint Protection 11.0.4014.26
    • Symantec Endpoint Protection x64 11.0.4014.26
    • Symantec Endpoint Protection 11.0.4202.75
    • Symantec Endpoint Protection 11.0.4202.75 x64
    • Symantec Endpoint Protection 12.0.1001.95
    • Symantec Endpoint Protection 12.0.1001.95 x64
    • Symantec Endpoint Protection 12.0.122.192 Brazil
    • Symantec Endpoint Protection 12.0.122.192 x64 Brazil
    • Symantec Endpoint Protection 12.1.1000.157.105 x64 russian
    • Symantec Endpoint Protection 12.1.1000.157.105 x86 russian
    • Symantec Endpoint Protection 12.1.1000.157 RU / FR
    • Symantec Endpoint Protection 12.1.1000.157 x64 german
    • Symantec Endpoint Protection 12.1.1000.157 x64 FR
    • Symantec Endpoint Protection 12.1.1000.157 x64 IT
    • Symantec Endpoint Protection 12.1.1000.157 (x86) DE
    • Symantec Endpoint Protection 12.1.1000.157 x86 italy
    • Symantec Endpoint Protection 12.1.1000.157 Brazil
    • Symantec Endpoint Protection 12.1.1000.157 Brazil x64
    • Symantec Endpoint Protection 12.1.1000.157
    • Symantec Endpoint Protection 12.1.1000.157 x64
    • Symantec Endpoint Protection 12.1.1101.401 x64 spanish
    • Symantec Endpoint Protection 12.1.1101.401 x86 spanish
    • Symantec Endpoint Protection 12.1.1101.401 Eng
    • Symantec Endpoint Protection 12.1.1101.401 Rus
    • Symantec Endpoint Protection 12.1.1101.401 x64 portugese
    • Symantec Endpoint Protection 12.1.1101.401 x64 chinese traditional
    • Symantec Endpoint Protection 12.1.1101.401 x64 chinese simplified
    • Symantec Endpoint Protection 12.1.1101.401 x64
    • Symantec Endpoint Protection 12.1.1101.401 x64 Eng
    • Symantec Endpoint Protection 12.1.1101.401 x64 french
    • Symantec Endpoint Protection 12.1.1101.401 x64 italian
    • Symantec Endpoint Protection 12.1.1101.401 x64 Rus
    • Symantec Endpoint Protection 12.1.1101.401 x86 portugese
    • Symantec Endpoint Protection 12.1.1101.401 x86 chinese traditional
    • Symantec Endpoint Protection 12.1.1101.401 x86 chinese simplified
    • Symantec Endpoint Protection 12.1.1101.401 x86
    • Symantec Endpoint Protection 12.1.1101.401 x86 french
    • Symantec Endpoint Protection 12.1.1101.401 x86 italian
    • Symantec Endpoint Protection 12.1.2015.2015 x64 german
    • Symantec Endpoint Protection 12.1.2015.2015 x64
    • Symantec Endpoint Protection 12.1.2015.2015 x64 IT
    • Symantec Endpoint Protection 12.1.2015.2015 x64 russian
    • Symantec Endpoint Protection 12.1.2015.2015 x86 german
    • Symantec Endpoint Protection 12.1.2015.2015 x86
    • Symantec Endpoint Protection 12.1.2015.2015 x86 IT
    • Symantec Endpoint Protection 12.1.2015.2015 x86 russian
    • Symantec Endpoint Protection 12.1.601.4699 x64
    • Symantec Endpoint Protection 12.1.671.4971.105
    • Symantec Endpoint Protection 12.1.671.4971 x64 chinese
    • Symantec Endpoint Protection 12.1.671.4971 (x64) DE
    • Symantec Endpoint Protection 12.1.671.4971.105 x64
    • Symantec Endpoint Protection 12.1.671.4971 x86 chinese
    • Symantec Endpoint Protection 12.1.671.4971 (x86) DE
    • Symantec Endpoint Protection 12.1.671.4971 (x86) IT
    • Symantec Endpoint Protection 12.1.671.4971 FR
    • Symantec Endpoint Protection 12.1.671.4971
    • Symantec Endpoint Protection 12.1.671.4971 Spanish
    • Symantec Endpoint Protection 12.1.671.4971 Spanish x64
    • Symantec Endpoint Protection 12.1.671.4971 x64 FR
    • Symantec Endpoint Protection 12.1.671.4971 x64
    • Symantec Endpoint Protection x64 11.0.1000.1375
    • Symantec Endpoint Protection 11.0.2010.25
    • Symantec Endpoint Protection 11.0.20 x64
    • Symantec Endpoint Protection 11.0.780.1008 and 11.0.1000.1375
    • Symantec Endpoint Protection 11.0.901.2006
    • Symantec Endpoint Protection 11.0.2020.56
    • Symantec LiveUpdate
    • Symantec Network Access Control v11.0.6100.645
    • Symantec Network Access Control v11.0.7200.1147
    • Symantec Network Access Control v12.1.1101.401 x64
    • Symantec Network Access Control v12.1.1101.401 x86
    • Symantec Protection Agent 5.1
    • Tiny Firewall Pro 6.0
    • Tiny Personal Firewall 6.5.92
    • Trend Micro Client/Server Security Agent 3.7.1055
    • Trend Micro OfficeScan Client 8 / 10
    • Client Trend SBSA 3.0 SP1
    • Trend Micro Anti-Spyware 3.0/3.5
    • Trend Micro PC-cillin Internet Security 2006 (14)
    • Trend Micro OfficeScan Client 5.0 - 10.0
    • Trend Micro OfficeScan Server 10.5.1083
    • Trend Micro ServerProtect 5.80
    • Trend Micro ServerProtect 5.80 x64
    • Trend Micro ServerProtect 5.58
    • Trend Micro Worry-Free Business Security Agent 7.0 x64
    • Trend Micro Worry-Free Business Security Agent 7.0 x86
    • Trend Micro PC-cillin AntiSpam Pilot
    • Trend Micro PC-cillin Internet Security 2008
    • Trend Micro PC-cillin Internet Security 2005
    • Trend Micro PC-cillin Internet Security 2007
    • Trustport Antivirus 2013/Internet Security 2013/Total Protection 13.0.6.5088
    • Installer for User Profile Hive Cleanup Service 1.6.36
    • V3 Lite
    • VirusBlokAda AntiVirus 3.11
    • Virus Block ADA 32 3.12.10.1
    • Vexira/VirusBuster Antivirus Professional 6.2
    • Vexira Antivirus Professional 7.3
    • Vexira Antivirus Professional 7.3 x64
    • Vexira Antivirus CMS 7
    • Vexira Antivirus Professional 5.3
    • Vexira Antivirus for Windows Servers 7
    • Vexira Antivirus for Windows Servers 7 x64
    • Vexira Antivirus for Windows Servers 5.3
    • TEGAM International ViGUARD
    • ViRobot Desktop 5.5 ISMS
    • ViRobot Desktop 5.0
    • ViRobot ISMS Client 3.5
    • ViRobot Windows Server 3.5
    • Virus Buster Internet Security 6.0
    • Virus Chaser 5.0a
    • Webroot AntiSpyware Client 3.5.1.5088
    • Webroot AntiSpyware Client 3.5.1.5118
    • Webroot AntiSpyware Client 3.5
    • Webroot Internet Security Essentials 6.0 / Webroot AntiVirus and AntiSpyware
    • Windows Live OneCare 2.0.2500.14
    • Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712)
    • Kaspersky Anti-Virus for Windows Workstations 5.0 (5.0.527 - 5.0.712) (Silent uninstall)
    • Zillya! Antivirus 1.1.2343.0

    Cannot Install Ivanti Antivirus due to incompatible software detected by Kaspersky AV


    Description

    Kaspersky Antivirus stops installation, due to incompatible software on the target device.

    A list of incompatible Software can be found under

     

    Solution

    Warning If you use the pSKIPPRODUCTCHECK=1 parameter, Kaspersky and Ivanti will not be responsible for any possible operating system malfunctioning caused by incompatibility of Kaspersky or Ivanti products with other applications.

     

    For detailed instructions see this document: How to Install the Ivanti AV bypassing the Incompatibility check

     

    In order to skip the product compatibility check at install, do the following:

     

    1. On the core server, navigate to Program Files (x86)\LANDesk\ManagementSuite\ldlogon\avclient\install\setup
    2. Open Kes8win.kpd in a text editor.
    3. Find the [Setup] block and modify the Params option as follows:
       Params=/s /pAKINSTALL=1 /pEULA=1 /pSKIPPRODUCTCHECK=1 /pSKIPPRODUCTUNINSTALL=1
    4. Save the changes in Kes8win.kpd.

    Do the same with the Kes8win.kud file:

    1. Open Kes8win.kud in a text editor.
    2. Find the [Setup] block and modify the Params option as follows:
       Params=/s /pAKINSTALL=1 /pEULA=1 /pSKIPPRODUCTCHECK=1 /pSKIPPRODUCTUNINSTALL=1
    3. Save the changes in Kes8win.kud.

    About LANDESK Antivirus 9.6 on Windows 8.1 or Windows Server 2012 R2


    Current Status

    LANDESK Antivirus is supported on Windows 8.1 or Server 2012 R2 at this time. (Last update: 23 February 2014)

     

    For 9.6: Support for Windows 2008 R2 and Windows 8.1 is included

     

    Note: Best Practices for Server OS include setting up exclusions and testing before a general rollout.  See this doc from Kaspersky for exclusion suggestions (other exclusions may be needed): http://usa.kaspersky.com/sites/usa.kaspersky.com/files/Kaspersky%20Lab%20Scan%20Exclusions.pdf

     

    For more information about support for Windows 8.1 in LANDESK Management Suite see: LANDESK Management Suite and Windows 8.1


    How to Install Ivanti Antivirus bypassing the incompatibility check


    Issue

     

    You are unable to install Ivanti Antivirus for some unknown reason. When you run the AV install interactively using the following command line, the installer indicates that a piece of software is incompatible with the AV, and the software it highlights is vital for your environment and cannot be uninstalled.

     

    Vulscan.exe /installav /interactive

     

    Cause


    In its default state, the installer will not install the AV product if it detects incompatible software and is unable to uninstall it. This stops the process and prevents the AV from installing at all.

    Here are two articles highlighting the list of incompatible software:


    http://support.kaspersky.com/9371

    This list is ever expanding as we are finding more and more software that stops the installer from working as designed.

     

    Resolution


    There is a workaround for this.  It is recommended that you uninstall any previous LDMS agent and any AV software on the machine as this will affect the AV installation.

     

     

    http://community.landesk.com/support/docs/DOC-2092

     

     

    Warning If you use the pSKIPPRODUCTCHECK=1 parameter, Kaspersky and Ivanti will not be responsible for any possible operating system malfunctioning caused by incompatibility of Kaspersky or Ivanti products with other applications.

     

    It is suggested to create a separate self-contained agent for this process in order to control which machines you install the configured AV on and not affect your entire network, which can create issues later on.

     

    In this workaround it is suggested that you perform these actions when no agent updates are being pushed out or updated. This is to prevent agents from installing without the incompatibility check outside of your control.

     


    Steps to create the Self-Contained Exe to install AV on machines with incompatible software

     

    1. Navigate to the location of the files that we are going to change:
    C:\Program Files (x86)\LANDesk\ManagementSuite\ldlogon\avclient\install\setup
    The files we are changing are:

    Kes10win.kpd

    Kes10win.kud

    2. Create a backup of the files before making any changes.

    3. Open the Kes10win.kud file in Notepad for editing.

    4. Find the [Setup] block and modify the Params option as follows:

    Params=/s /pAKINSTALL=1 /pEULA=1 /pKSN=0 /pSKIPPRODUCTCHECK=1 /pSKIPPRODUCTUNINSTALL=1

    5. Rebuild all the agents so that the changes take effect in all agents that have the AV component checked.

    6. Create a self-contained executable with a name that highlights, for future reference, that the exe will install the AV without the incompatibility check.

    7. Now that the self-contained agent is created, revert the changes to the AV installation so that no other agent deployments are affected. First delete the configured files and rename the backups to reset the AV setup back to default.

    8. The changes are now reverted, back to default.

    9. Now rebuild all agents again so that the defaults are reinserted into the agent installations.
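
    Steps 7 to 9 only protect other deployments if the revert really happened. The following script is an added example, not Ivanti or Kaspersky code: it reports every .kpd/.kud file in a setup folder whose [Setup] Params line still carries the two skip switches. It assumes the files are INI-style text, and its sample files are constructed in a temp folder.

```powershell
# Added example. Assumption: .kpd/.kud files are INI-style text with a
# [Setup] section that contains a single "Params=" line.

function Get-SetupParams {
    param([Parameter(Mandatory)][string]$Path)
    $inSetup = $false
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Track the current section; only [Setup] is of interest.
            $inSetup = ($Matches[1].Trim() -ieq 'Setup')
        }
        elseif ($inSetup -and $text -match '^Params\s*=\s*(.*)$') {
            return $Matches[1]
        }
    }
    return $null   # no Params line inside a [Setup] section
}

function Test-AvInstallBypass {
    param([Parameter(Mandatory)][string]$SetupDir)
    # The two switches the article adds to skip the incompatibility handling.
    $bypassSwitches = 'pSKIPPRODUCTCHECK', 'pSKIPPRODUCTUNINSTALL'
    Get-ChildItem -LiteralPath $SetupDir -File |
        Where-Object { $_.Extension -in '.kpd', '.kud' } |
        ForEach-Object {
            $paramLine = Get-SetupParams -Path $_.FullName
            # Match whole tokens only, e.g. "/pSKIPPRODUCTCHECK=1", not "...=10".
            $enabled = @(foreach ($name in $bypassSwitches) {
                $pattern = '(^|\s)/{0}=1(\s|$)' -f [regex]::Escape($name)
                if ($paramLine -match $pattern) { $name }
            })
            if ($null -eq $paramLine)     { $status = 'ParamsNotFound' }
            elseif ($enabled.Count -gt 0) { $status = 'BypassEnabled' }
            else                          { $status = 'NoBypass' }
            [pscustomobject]@{
                File   = $_.Name
                Status = $status
                Bypass = ($enabled -join ', ')
                Params = $paramLine
            }
        }
}

# --- Constructed sample files (not real product files) ---
$demo = Join-Path ([IO.Path]::GetTempPath()) ('avsetup-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'Kes10win.kud') -Value @(
    '[Setup]'
    'Params=/s /pAKINSTALL=1 /pEULA=1 /pKSN=0 /pSKIPPRODUCTCHECK=1 /pSKIPPRODUCTUNINSTALL=1'
)
Set-Content -LiteralPath (Join-Path $demo 'Kes10win.kpd') -Value @(
    '[Setup]'
    'Params=/s /pAKINSTALL=1 /pEULA=1 /pKSN=0'   # constructed, not the vendor default
)
Set-Content -LiteralPath (Join-Path $demo 'Broken.kud') -Value @(
    '[General]'
    'Params=/pSKIPPRODUCTCHECK=1'                # outside [Setup], so not counted
)

$report = Test-AvInstallBypass -SetupDir $demo
$report | Format-Table File, Status, Bypass -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force

# Any row returned here means the folder is not back in a no-bypass state.
$report | Where-Object Status -ne 'NoBypass'
```

    Run Test-AvInstallBypass against the real setup folder after step 9 and again before any later agent rebuild; a BypassEnabled row means new agents would still install AV without the incompatibility check.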

    Best Known method for creating a Zero Day Antivirus update policy


    Zero Day AV Update

     

    Problem

    Your security compliance states you are required to ensure the AV definitions on each machine in your environment are updated as close as possible to the current date. In other words, you require a 'Zero Day AV update' policy.

     

    Solution

    Unfortunately, due to the complexity of the problem, there is not one easy solution to achieve this but there are a variety of methods that you can utilize on the Core and the client to make sure that you get on or close to the 'Zero' day AV update target.  In addition to this, you will have reports to reflect this.

     

    More specifically any machine activity or report created from the 'Security activity' center will show this information in a more accurate way that you can rely on because this document will guide you through the entire process and set of methods.


     

    Pre-requisites to 'Zero day AV'

    The first thing you need to have is an understanding of the AV component of LDMS and how it works. Here is a great community article on the AV client in LDMS and how it can be used:

     

    LANDesk Antivirus 9 Advanced Training

    http://community.landesk.com/support/docs/DOC-7479

    E-Learning - LANDesk Antivirus - Video

    http://community.landesk.com/support/docs/DOC-22200

     

    Once you have read this and understand the information within the training itself, we can start on configuring the Core with the AV settings as needed.

     

    Initial Setup and planning

    Before you go any further you need to think about the following in your environment so you can plan out the settings before you go on to apply them to the different regions/offices so that the information that you collect is consistent and you don’t have a few machines on different schedules making the 'Zero Day AV update' task harder to achieve.

     

    What you need to consider, when creating the AV settings:

     

    • How many regions are there (going to be) attached to the Core? E.g. EMEA, APAC, Africa, USA, North /South America etc.
    • How many offices in each region? 1, 2 more?
    • What are the time zones for each office /Region? 1, 2?
    • How do they differ from the Core? e.g.  +/- a few hours or more?
    • How many workstations/servers are in each office and what is their function?
    • And finally the distance from the Core? This will help determine if you need to update via the Core, from a preferred server or directly from the internet?

     

    All this will determine how you manage your update procedure. Do you need your servers to have a zero-day AV update policy or just your workstations? Bear in mind that when you initially install the AV product that a restart to the machine will be needed for the AV to be fully installed. This may be something you do not want to do on servers that are mission critical such as a DC or file servers in certain regions. So some downtime will be needed to be planned for these machines to fully protect them with AV.

     

    Another thing to bear in mind is the number of nodes that you have attached to the Core. These methods are quite intensive on the Core and the nodes will send and receive a lot of information from the Core. You can end up with a situation where the Core is saturated with information preventing machines from downloading updates correctly, in a sense getting blocked.

     

    Following these hardware specifications as a rough guide, make sure that your hardware is up to the task at hand.

    | Nodes | Processor | RAM | Disk |
    |---|---|---|---|
    | 1-2000 (Single server) | Intel Xeon Processor or faster | 4GB+ | 10GB free on 10K RPM+ drives |
    | 2000-6000 (Multi-server) | Dual Intel Xeon Processor or faster | 8GB+ | 20GB free on 15K RPM; 1 full duplex 1000mbps NIC |
    | 6000+ (Core server) | Dual Intel Xeon Processor or faster | 4GB+ | 20GB free on 15K RPM; 1 full duplex 1000MB NIC |
    | 6000+ (DBMS server) | Quad Intel Xeon Processor or faster | 8GB+ | 20GB free Raid 5 SCSI; 2 full duplex 1000MB NIC |

    Start separating out services. This will help alleviate pressure on the Core and let it focus on computer management rather than, for example, hosting the SQL DB, patching or software distribution. All of these can be placed on other servers to spread the load and bandwidth of distribution that comes with these services. For example, host the DB on a separate SQL server, place the software distribution share on a separate file server, and store the patch share on another server.

     

    To create a software distribution share on another server follow these steps:

    1. On your chosen file server create a share with the name of your choice, in this example, we are going to use 'SWDist'
    2. Once the folder is created, share it with these security settings as a minimum:

    Everyone: Read & Execute, List Folder Contents, Read

    NETWORK SERVICE: Full Control

    Administrators: Full Control

     

    Share settings:

    Everyone: Read

    Administrator or Domain Admin: Read & Write

     

    Add any additional shares as needed.

    3. Once created, place the installation packages required for software distribution from the Core
    4. Remember that your package share has now moved from the Core to the remote file server; adjust the paths of any pre-existing packages to follow suit

     

    If you require the share to be able to be accessed over HTTP refer to this article from the community:

    HTTP repository for SWD/Preferred Server in IIS 7.5

    http://community.landesk.com/support/docs/DOC-22861

     

    The same method above can be used to create a share for the patch and compliance component. The only difference is that for this service the HTTP protocol must be set up for the patching to work in the most effective way.

     

    You can create preferred servers which can host the patch files and software distribution files locally on a remote site. This will increase the speed of package installations from the Core, and patching.

     

    This article will take you through the process of creating the preferred servers and then how to set up the syncing with the content replication tool on the Core:

     

    Using LANDesk Content Replication

    http://community.landesk.com/support/docs/DOC-20779

     

    Then using the above article, http://community.landesk.com/support/docs/DOC-22861, you can add the functionality of sharing packages through HTTP

     

    Initial set up 'Zero Day AV'

    Once you have separated out the services and increased the compatibility of your Core, you can move on to the next task of setting up the Core and creating the required agent settings so we can achieve the 'Zero Day AV update'.

     

    Working from the Core to the client, the first thing we need to look at is the AV updates themselves on the Core.

     

    Please read this article to get a better idea of the different download options for the updates and what to consider in different locations:

    Configuring regular LANDesk Antivirus pattern file updates

    http://community.landesk.com/support/docs/DOC-6842

     

    Focus on the first part of the article and the video that talks about 'Configuring scheduled pattern file updates on the LANDesk Core Server'

    Now that you have a good idea of the download options for the updates themselves it’s time to consider what languages you need and when to set up the schedule to download them.


    As mentioned above this will be individual to your environment and what regions you manage and support.

    Now you need to consider the schedule, when do you want to download these updates? Due to different time regions and pattern syncing between preferred servers (see below) what's the best time to download the latest patterns so every machine under your purview will be updated in a 'Zero day Manner'?

     

    For example:

    For UK based sites:

    You can set the AV pattern download for 01:00 AM, as you may have backups and maintenance tasks running at 12:00 midnight. This allows enough time for the syncing of the patterns between sites and the preferred servers, to be performed between 2-5 AM. This in turn allows enough time for the AV administrators to be notified of any issues so that they can repair them before everyone gets into the office. When end users start to come in between 8-9 in the morning, the updates will be ready and will start deploying to end users' machines when they switch them on.

     

    With the preferred servers in mind, here is a great article on how to set them up for the AV updates:

    How to Configure a Preferred Server for LANDesk Antivirus pattern file content

    http://community.landesk.com/support/docs/DOC-24890

     

    Now that you have set up the downloads for the AV updates on the Core, we can start looking at the agent settings and see what we need to consider.

     

    For the 'Zero Day AV update' task to be achievable, you will need to focus on three schedules and processes. This will also have beneficial effects for other components on the LDMS Core as well as the AV component.

    The three components/processes are:

    -The inventory scanner

    -The Security Scan

    -The AV update process itself

     

    These all need to be processed in a specific order. This will depend on how your network is setup and how these will work best in that environment. The reason for this is that each component updates AV differently and reports information to the Core on the status of the updates in different ways. By designing a process which utilizes the advantages of each process you can be sure that the information you gather from the Core reflects the true status of AV on the end clients.

     

    Here is a brief explanation of how you can use each one specifically for this situation:

    -Inventory scanner - This will update the inventory of the specific node on the Core, checking the date on the AV to see if it has been updated or not, in turn letting the Core know whether or not the client has the most up to date AV definitions.

    This can vary: if the inventory scan is a full scan then this will update all the information on the Core; if it performs a mini scan, this is not always the case.

    -Security scan - The security scan can be used to detect the existence of AV and if its definitions are up to date.  It will also implement an AV update if needed. This will always update the AV update progress on the Core, but if a restart is required then this will not be recorded on the Core in every case if the updates are not applied until a restart has been performed.

    -AV update- If scheduled the AV will update itself

     

    With all this information in mind, you can start to create an agent that will keep the information on the computer up to date and relevant on the Core.

     

    The next thing you need to do is to create some AV settings on the Core itself ready for the AV deployment. Following the above guidance create some AV settings that are appropriate for your environment.


    Using the advanced training above, create some agent settings for the different environments that you manage. For example, are they remote users, are they in the office in another country, or are they the computer next to you? This will have to be considered differently for each region/location.

     

    Referring to this article again:

    Configuring regular LANDesk Antivirus pattern file updates

    http://community.landesk.com/support/docs/DOC-6842

     

    Please read and watch the video in the section titled: Configuring scheduled pattern file updates on the LANDesk Client

    As mentioned in the article, you first have to consider what location you are going to use as the download source for the AV updates.

    'Core Only': This is designed to be used in a controlled environment when you want only the updates that you approve to be distributed to the clients. This is not advised for this scenario because if, for whatever reason, the client cannot contact the Core, the machine will not download any updates.

    I recommend only using this for machines on site, as they are more likely to always have a connection to the Core.

     

    'Core First. Fall Back to internet if Core is not available': As described. This will contact the Core and download updates from that location first, then revert to the internet if no connection is made.

    This is great for clients in the office and clients that work from home. This is because the AV will always be updated as long as the machine has a connection to the Core or the internet.

     

    'Internet only': As described this will only get AV updates from the web.

    This is ideal if you don’t want to store updates on the Core server or use a preferred server. But this option relies on the machine having a connection to the internet, which in some environments is not possible.

     

    'Internet First. Fall back to Core if internet is not available’: As described.

    This can be ideal for home workers who come into the office LAN environment on a rare basis. Or if the office LAN is very secure, such as a bank, and does not allow internet access in the office but allows access to internal servers.

     

    You do not have to use the same download source for every office. You can create a number of AV settings that have a variety of download locations.

    It is recommended that when you first implement this process that you try a few options and see which option works best in your environment.

     

    When to update:

    As we have mentioned above with the three different schedules to be processed, when to perform the AV update is just as important as the rest of the processes and the 'Zero-day AV'. If the machine is not on during the update window then it may miss its update window and try again the next day. This will affect your 'Zero AV Update' reports.

    To prevent this, plan an update window that is very generous and has a random startup time of, for example, 3 hours. This will give the users enough time to log in and for the AV update process to run.

    In this example, I have set the update process to run at 10:00, to allow for lateness or late starters, and have given a random delay of 3 hours. This will make the update window available between 11:00-14:00.

    This is ideal. This process will not interfere with my inventory scan which I have running in the morning between 8:00- 10:00 and does not run into my patch process which runs toward the end of the day between 15:00-20:00

     

    Other client settings to consider:

    Now we have set up the Core and the clients for the AV we will now see how we can use the other process to create a backup process for the AV and the reporting of the AV to the Core.

    The AV process will work 9 times out of 10, but there will always be times when, for whatever reason, the client cannot connect to the Core or the internet. Using the security patch part of LDMS, we can create a backup process for the AV update so that the client machine can be updated by either process, as the issue that was blocking the AV update before may by then be resolved or gone away.

     

    You can set this up by adding the 'Antivirus' patch definition AV-107 to your scan folder in the 'Patch and Compliance' component and configuring it to autofix on the scan. You can specify which scope to apply this to. So if you’re using the same scan options for your servers then the AV will not be updated until you are ready in case a restart is needed.

    It is also suggested that you override the severity in the properties for the definition AV-107 so that you can let all the administrators that use LANDesk know that this definition is important or critical. In the 'Zero Day AV Update' scenario it is.

    Further to having this backup for the actual update for the AV, the security scan process will also update the Core with up to date information as to whether or not the AV is up to date for reporting purposes.

     

    The final process to setup is the inventory scanner. This is another tool we can use to back up the actual reporting process as to whether or not the actual AV on the client is up to date and that the Core reflects the most up to date information.

     

    The security scan process can run the update and update the Core with the relevant date of the update, but if a restart is required then this will not be reported to the Core. So by using the inventory scanner in the morning you can scan the machine after each reboot and update the AV pattern date on the Core.

     

     

    Finalised agent:

    Now that you have set up the Core with the schedule for the download of the AV updates, the preferred servers needed in each office, the patch and compliance component for AV updates and the required AV settings for the agents for each scenario your end users are in, you can create the agent to send to them and start the actual process of the 'Zero day AV update' policy.

     

    Things to consider:

    When do you want the agent inventory to run?

    When do you want the agent AV updates to run?

    When do you want the agent security scan to run?

     

    In my example above I have recommended the following:

    Core:

    Download of pattern files to Core: 01:00

    Scheduled sync of pattern files to preferred servers: 2:00- 5:00

     

    Client:

    Inventory scan: 8:00-10:00

    AV Update: 11:00-14:00

    Security scan: 15:00 - 20:00

     

    Once you have set these up on the agent, please ensure you test, and then deploy.

    The testing is for your confidence in the process that you have setup and to make sure that the settings and timings you use are as close to perfect as possible.
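
    The planning questions about time zones can be tested against this schedule before rollout. The following is an added example, not Ivanti code: it converts the Core's sync-complete time (05:00) into each region's local time and reports how long fresh patterns wait before the local 11:00-14:00 update window opens. The region names, offsets and the 12-hour lag threshold are assumptions made for illustration, and it assumes clients run their window in local time.

```powershell
# Added example. Region names, offsets and -MaxLagHours are hypothetical.

function ConvertTo-Minutes {
    param([Parameter(Mandatory)][string]$Time)   # 'HH:mm'
    $parts = $Time.Split(':')
    return ([int]$parts[0] * 60) + [int]$parts[1]
}

function Get-PatternLag {
    param(
        [Parameter(Mandatory)][hashtable]$RegionOffsetHours, # hours ahead (+) or behind (-) the Core
        [string]$CoreSyncEnd = '05:00',   # Core local time, from the article's schedule
        [string]$WindowStart = '11:00',   # client AV update window, client local time
        [string]$WindowEnd   = '14:00',
        [double]$MaxLagHours = 12         # assumed tolerance, not from the article
    )
    $day      = 1440
    $syncEnd  = ConvertTo-Minutes -Time $CoreSyncEnd
    $winStart = ConvertTo-Minutes -Time $WindowStart
    $winEnd   = ConvertTo-Minutes -Time $WindowEnd

    foreach ($region in ($RegionOffsetHours.Keys | Sort-Object)) {
        $offsetMin = [int]($RegionOffsetHours[$region] * 60)
        # Local clock time at which the preferred server has the new patterns.
        $syncLocal = (($syncEnd + $offsetMin) % $day + $day) % $day
        # Minutes from that moment until the next update window opens.
        $lagMin    = (($winStart - $syncLocal) % $day + $day) % $day
        $lagHours  = [math]::Round($lagMin / 60, 1)
        # Sync landing inside the window: early starters fetch yesterday's patterns.
        $inside    = ($syncLocal -gt $winStart -and $syncLocal -lt $winEnd)

        if ($inside)                         { $status = 'SyncInsideWindow' }
        elseif ($lagHours -gt $MaxLagHours)  { $status = 'LongLag' }
        else                                 { $status = 'OK' }

        $hh = ($syncLocal - ($syncLocal % 60)) / 60
        [pscustomobject]@{
            Region        = $region
            SyncDoneLocal = '{0:00}:{1:00}' -f $hh, ($syncLocal % 60)
            LagHours      = $lagHours
            Status        = $status
        }
    }
}

# Constructed sample: a UK Core with four hypothetical regions.
$regions = @{ 'UK' = 0; 'US-East' = -5; 'Bangkok' = 7; 'Sydney' = 10 }
Get-PatternLag -RegionOffsetHours $regions | Format-Table -AutoSize
```

    A region flagged LongLag or SyncInsideWindow needs either its own client update window or a different download source, such as one of the internet fallback options described earlier.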

     

    Useful tools to help with the implementation of the 'Zero Day AV update' Goal

     

    You can set up alerts so that you are informed by email for any machines that are out of date, to help you keep an eye on the rollout of the process and maintain it afterward. This article will help to do this:

    How to configure Alerting for out of date virus definitions

    http://community.landesk.com/support/docs/DOC-24102

    Issue: Clients unable to connect through Microsoft DirectAccess after installation of Ivanti Antivirus


    ISSUE


    After the installation of Ivanti Antivirus, clients cannot connect through Direct Access.

    Note: Ivanti Antivirus uses the Kaspersky Endpoint Security engine.

    More details about Direct Access from Microsoft: Manage Remote Access

     

     

    RESOLUTION


    To solve this problem, add 'svchost.exe' to the Trusted Applications list and disable port 443 monitoring for it.

     


     

    More about Exclusions for Applications: Chapter 2. File System Protection by Kaspersky

     

    Issue: Kaspersky Endpoint Security service fails to start after Ivanti Antivirus Install


    Issue

     

    After installing Ivanti Anti-Virus, the Kaspersky Endpoint Security Service fails to start.


    When trying to start the service, an error is received:

     

    Windows could not start the Kaspersky Endpoint Security Service service on Local Computer.

    Error 1053: The service did not respond to the start or control request in a timely fashion.

     


     

    Cause

     

    This is commonly caused by missing or disabled Root Certificates.

     

    Resolution

        Verify the Necessary Root Certificates are installed on the computer

    • Open a Run command, type mmc and press Ok.

     


     

    • In the Console window, click File | Add/Remove Snap-in...


     

     

    • In the Add or Remove Snap-ins window select Certificates, then click Add>


     

    • In the Certificates snap-in window select Computer account, then click Next


     

    • In the Select Computer window select Local Computer: (the computer this console is running on), then click Finish


     

    • You will be returned to the Add or Remove Snap-ins window, and under Selected snap-ins, Certificates (Local Computer) will be shown.
    • Click Ok.


     

    • In the Console window, expand Certificates | Trusted Root Certification Authorities, and select Certificates.
    • Verify the necessary Root Certificates are listed:
      • GTE CyberTrust Global Root
      • UTN-USERFirst-Object


     

     

     

        The Certificates are installed, but the issue still occurs

     

    If the Root Certificates are installed, but the issue is still occurring, this can be caused by the certificates being outdated/expired, or being disabled by security policies.

     

    • Open a Run command, type secpol.msc and press Ok.


     

    • In the Local Security Policy window, select Software Restriction Policies.


     

    • In the Trusted Publishers Properties window, select Define these policy settings.
    • In the Trusted publisher management section, select Allow all administrators and users to manage user's own Trusted Publishers, and click Ok.


     

     

        Group Policy Disabled Root Certificates

     

    In some instances, Root Certificates may have been disabled via Group Policy. Disabling these Root Certificates will cause the necessary services for Ivanti AntiVirus to fail on start. The certificates will need to be allowed for use by the services.
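The checks described above (root certificate present, not expired, not blocked by policy) can also be run from an elevated PowerShell prompt. This is an added example, not part of the original article or an Ivanti tool; it assumes that a policy-disabled root may appear in the machine's Untrusted Certificates (`Disallowed`) store.

```powershell
# Added example: audit the two root certificates named in this article.
# Run in an elevated PowerShell session on the affected machine.
$requiredRoots = @('GTE CyberTrust Global Root', 'UTN-USERFirst-Object')

# Thumbprints in the machine "Untrusted Certificates" store.
# Assumption: a policy that disables a root may do so by placing it here.
$disallowed = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
    Select-Object -ExpandProperty Thumbprint)

$now = Get-Date
$report = foreach ($name in $requiredRoots) {
    # Match on the CN component of the certificate subject.
    $found = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like "*CN=$name*" })

    if ($found.Count -eq 0) {
        # Not in Trusted Root Certification Authorities at all.
        [pscustomobject]@{
            Name = $name; Status = 'MISSING'; NotAfter = $null; Thumbprint = $null
        }
        continue
    }

    foreach ($cert in $found) {
        $status = if ($disallowed -contains $cert.Thumbprint) { 'IN UNTRUSTED STORE' }
                  elseif ($cert.NotAfter -lt $now)            { 'EXPIRED' }
                  elseif ($cert.NotBefore -gt $now)           { 'NOT YET VALID' }
                  else                                        { 'OK' }
        [pscustomobject]@{
            Name       = $name
            Status     = $status
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}

# One row per certificate found, or one MISSING row per absent root.
$report | Format-Table -AutoSize
```

The script covers only presence, validity dates and the Untrusted store; other policy restrictions are not checked. The table can be attached to a support ticket alongside the screenshots.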

     

        Certificates are Installed and Enabled, but the issue persists

     

    In the event that the information above does not correct the issue, please open a ticket with Ivanti Support.

    In the ticket reference this Article.

     

    Please include screenshots of the Root Certificates showing as installed on the affected machine.

    Please follow this document and include in your ticket:

     

    • Standard Log Files
    • TraceLog Files
    • GetSystemInfo

    Issue: Pattern files (bases) failing to update


    Summary

     

    This document illustrates the steps to take to troubleshoot issues with pattern files (also known as bases files) for Ivanti Antivirus.

     


     

    What are Pattern Files?

     

    Ivanti Antivirus uses pattern files (otherwise known as "bases"). Antivirus programs try to find virus patterns inside ordinary programs by scanning them for so-called virus signatures. A virus signature is merely a sequence of bytes that an antivirus program looks for because it is known to be part of the virus. A better term would be "search strings". If the virus scanner finds such a pattern in a file, it will perform other checks to make sure that it has found the virus, and not merely a coincidental sequence in an innocent file, before it reports that the file is infected and/or takes action.

     


    Pattern file update process

    Several conditions must be met on the Core Server in order for updates to download properly:

     

    You must have an active license for Ivanti Antivirus

     

    If you do not have a current Ivanti Antivirus license, please contact your Ivanti Sales Representative.

     

    To check the status of your Ivanti Antivirus license, the following steps should be taken:

    1. In the Ivanti Endpoint Manager console click on the Configure menu item at the top of the Console and select "Product Licensing..."
    2. Click the header for the Product Name column to sort by name.  Ivanti Antivirus should appear at the top if the license is present.  If so, check the date of the license expiration.

     

    A task for Ivanti Antivirus pattern file updates must be present

     

    A task must exist on the core server in order to update pattern files on a regular basis.

     

    Tasks can be set to run every Hour, Day, Week, or Month.  In order to have updates run at intervals less than a day but more than an hour, several pattern file update tasks must be created to run at different times.

     

    It is recommended to run pattern file updates at least once a day so that any new viruses that come out during that time will be scanned for and then deleted, quarantined or repaired properly.

    Note: If you have updated from one version of Ivanti Endpoint Manager to another it is recommended to remove any existing update tasks and create new ones.

      

     

    The following steps show how to schedule an Ivanti Antivirus pattern (bases) file update:

     

    1. Within the Configuration tool group open the Agent Settings tool.
    2. Click the Download Updates button.  (This is the first button in the toolbar, an orange diamond with a down arrow).
    3. Move to the "Updates" tab and navigate to the Mac and/or Windows section(s) of the tree, and then open the Antivirus sub-node.
    4. Open the further Ivanti Antivirus Updates sub-node.  Underneath the Windows section it will show the following:


