Ivanti's Endpoint Manager introduces a new Antivirus offering, currently available in the latest product release, 2017.3 Service Update 2. The initial release applies only to the Windows operating system. Mac support will be available in a future Service Update. This document serves as a best-practices, step-by-step guide for setting up, configuring and maintaining the new Ivanti Antivirus solution. It is meant as a quick-start guide and does not go into advanced options.
Licensing
After purchasing the license/subscription for the new Ivanti Antivirus product and installing 2017.3 Service Update 2 on the core server, the following steps must be performed prior to deploying the new solution to your managed endpoints. If transitioning from the previous Ivanti Antivirus offering to the NEW Ivanti Antivirus offering, no additional purchase is required. You will need to consult with your Sales representative to ensure the license is updated. After core server activation, please verify that the following two licenses exist:
- Ivanti Antivirus 2017 License Add-on powered by Landesk
- Ivanti Antivirus 2017 Subscription Add-on powered by Landesk
If you have purchased the new Ivanti Antivirus solution and are not seeing the licenses listed above, please conduct the following:
Log a case via support.ivanti.com or contact Ivanti Support by phone. More information can be found at How to: Contact Ivanti Support.
With the new Ivanti Antivirus offering, there's no client side key or additional activation required for the endpoints after installation.
Core Ivanti Antivirus Setup
URL
The following URL will be used for pattern file downloads:
http://ivanti-60013e4c-1d97-4269-b5b7-625530f25c30.2d7dd.cdn.bitdefender.net/
Please make sure this source is trusted by any web filtering tools you have in place.
Step 1 - Download Ivanti Antivirus Core Installation Files
Unlike our current Antivirus offering, the new Ivanti Antivirus installation files are downloaded from the Ivanti content servers via the Download Updates interface located in the Security and Compliance | Patch and Compliance tool. Select the "Ivanti Antivirus Core Installation Files" option under Software Updates to download the necessary binaries to your core server. Upon selecting this option, the following prompt will be displayed:
The prompt titled "Confirm Ivanti Antivirus Core Installation Files Steps" outlines the "HOW TO" for installing the Antivirus Update Server and the deployment process for installing the new antivirus solution on your endpoints. For ease of use, these steps will be reiterated in this guide.
Step 2 - Install the Ivanti Antivirus Update Server
The Ivanti Antivirus Update Server contains the pattern files and the necessary signature and product updates required to mitigate threats to the endpoint. To install this appliance on the core, conduct the following actions:
- Navigate to %ldms_home%\ldlogon\avclientbd\updateserverinstall
- Launch AVSetup.exe
A successful log entry will reflect the following data:
1948 1 2017-11-25 12:45:11Z INFO install pkg path: C:\Program Files\LANDesk\ManagementSuite\ldlogon\avclientbd\updateserverinstall\..\epsecurity_x64.exe
1948 1 2017-11-25 12:46:15Z INFO install update server successfully
1948 1 2017-11-25 12:46:15Z WARN Failed to create shortcut. LinkSource: LinkDestDirectory: LinkName:
1948 1 2017-11-25 12:46:18Z INFO Json request result:0
1948 3 2017-11-25 12:46:18Z INFO response Json:{"response":{"data":{"UpdateServer":[{"@name":"SetProxySettings","error":0,"output":null}]}},"type":"epsdk"}
1948 3 2017-11-25 12:46:18Z INFO set proxy for update server successfully!
1948 3 2017-11-25 12:46:18Z INFO set proxy for update server successfully!
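The success criteria visible in the log above can be checked mechanically. The following PowerShell script is an added example, not Ivanti code or part of the original guide; the log file location is not stated in this guide, so it is passed in as a parameter, and the embedded sample lines are copied from the log above.

```powershell
# Added example (not Ivanti code). The guide does not say where AVSetup.exe
# writes its log, so pass the file with -Path; with no argument the constructed
# sample below (lines copied from the log shown above) is checked instead.
param([string]$Path)

$sample = @'
1948 1 2017-11-25 12:46:15Z INFO install update server successfully
1948 1 2017-11-25 12:46:15Z WARN Failed to create shortcut. LinkSource: LinkDestDirectory: LinkName:
1948 3 2017-11-25 12:46:18Z INFO response Json:{"response":{"data":{"UpdateServer":[{"@name":"SetProxySettings","error":0,"output":null}]}},"type":"epsdk"}
1948 3 2017-11-25 12:46:18Z INFO set proxy for update server successfully!
'@ -split "`r?`n"
$lines = if ($Path) { Get-Content -LiteralPath $Path } else { $sample }

# Layout seen in the sample: two numeric ids, UTC timestamp, level, message.
$pattern = '^\d+\s+\d+\s+(?<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\dZ)\s+(?<level>[A-Z]+)\s+(?<msg>.*)$'
$entries = @(foreach ($line in $lines) {
    if ($line -match $pattern) {
        [pscustomobject]@{ Time = $Matches.ts; Level = $Matches.level; Message = $Matches.msg }
    }
})

# 1. The installer must have logged the success line.
$installed = @($entries | Where-Object { $_.Message -eq 'install update server successfully' }).Count -gt 0

# 2. Every call inside a "response Json:" payload must report error 0.
$prefix = 'response Json:'
$failedCalls = @(foreach ($e in $entries) {
    if (-not $e.Message.StartsWith($prefix)) { continue }
    $json = $e.Message.Substring($prefix.Length) | ConvertFrom-Json
    foreach ($call in $json.response.data.UpdateServer) {
        if ($call.error -ne 0) { '{0} returned error {1}' -f $call.'@name', $call.error }
    }
})

# 3. Anything that is not INFO is listed for review rather than treated as fatal,
#    since the successful run above also contains a WARN entry.
$review = @($entries | Where-Object { $_.Level -ne 'INFO' } |
    ForEach-Object { '{0} {1} {2}' -f $_.Time, $_.Level, $_.Message })

[pscustomobject]@{
    UpdateServerInstalled = $installed
    FailedCalls           = $failedCalls
    EntriesToReview       = $review
} | Format-List
if (-not $installed -or $failedCalls.Count -gt 0) { exit 1 }
```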
New Ivanti Antivirus Core Services
The AVSetup.exe application will also create the following services on the core.
- Ivanti Endpoint Integration Service - Applies the security server settings to a managed client product.
- Ivanti Endpoint Security Service - Provides protection against malware and other security threats.
- Ivanti Endpoint Update Service - Downloads Ivanti Antivirus product updates and malware signatures.
- Ivanti Update Server - Allows endpoints to update antivirus content from the core server.
New Ivanti Antivirus Directory Structure
The AVSetup.exe application will also create a new directory structure in c:\Program Files\Ivanti consisting of the following sub folders:
- Endpoint
- EndpointSetupInformation
- Ivanti Update Server
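To confirm that the services and folders listed above are actually in place after AVSetup.exe has run, a check such as the following can be run on the core server. It is an added example, not Ivanti code or part of the original guide, and it assumes that the service names listed above are the Windows display names and that all four services are expected to be running after setup.

```powershell
# Added example (not Ivanti code): confirm the services and folders that
# AVSetup.exe is described as creating on the core server.
# Assumption: the service names listed above are the Windows display names.
$services = 'Ivanti Endpoint Integration Service',
            'Ivanti Endpoint Security Service',
            'Ivanti Endpoint Update Service',
            'Ivanti Update Server'
$root    = 'C:\Program Files\Ivanti'
$folders = 'Endpoint', 'EndpointSetupInformation', 'Ivanti Update Server'

$checks = @(
    foreach ($name in $services) {
        $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = "Service: $name"
            # Assumption: all four services should be running after setup, so a
            # service that exists but is stopped is reported as a failure.
            Passed = [bool]($svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { [string]$svc.Status } else { 'not installed' }
        }
    }
    foreach ($folder in $folders) {
        $path = Join-Path $root $folder
        $exists = Test-Path -LiteralPath $path -PathType Container
        [pscustomobject]@{
            Check  = "Folder: $path"
            Passed = $exists
            Detail = if ($exists) { 'present' } else { 'missing' }
        }
    }
)

$checks | Format-Table -AutoSize -Wrap
$failed = @($checks | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($checks.Count) post-install checks failed."
    exit 1
}
```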
Step 3 - Remove existing Antivirus Solution from Clients
The new Ivanti Antivirus installation process will not detect or attempt to remove other security software on the computer. The removal of an antivirus solution not provided by Ivanti will have to be completed using the recommended removal methods provided by the Antivirus vendor. Often having more than one antivirus solution installed will result in one or both products malfunctioning, thus reducing the overall security of the system.
Migrating from current Ivanti Antivirus to NEW Ivanti Antivirus:
If migrating from the current, Kaspersky rebranded Ivanti Antivirus solution, please conduct the following actions:
1. Create Antivirus removal task - Under Tools | Security and Compliance | Agent Settings select Create Task and choose Remove Security Components.
Choosing "Remove Security Components" will open a Patch and Compliance - Remove Security Component task interface.
2. In the Patch and Compliance - Remove Security Component task interface, under Security Components to Remove, select "Ivanti Antivirus" and choose Save.
Upon saving, a task will be created.
Migrating from another vendor's antivirus to NEW Ivanti Antivirus:
If migrating from another antivirus solution, please reference the following document for removal assistance: Removal Tools for Common Antivirus Software.
Step 4 - Create New Ivanti Antivirus Agent Setting
1. Create a new Agent Setting for Ivanti Antivirus New, found under Tools | Security and Compliance | Agent Settings | Security.
2. Select the desired configuration and save the agent setting.
Step 5 - Deploy New Ivanti Antivirus
The New Ivanti Antivirus solution has to be installed via an Install Security Components task. The option to add the new Ivanti Antivirus security component in the Agent Configuration is not yet available. If the endpoints are on a supported version of the product, the overall agent does not need to be updated immediately to take advantage of the new Antivirus solution. To deploy the new Ivanti Antivirus, perform the following actions:
1. Create Antivirus install task - Under Tools | Security and Compliance | Agent Settings select Create Task and choose Install/Update Security Components.
2. Under Security Components to Install select "Ivanti Antivirus New", choose the desired agent setting and Save.
Upon saving, a task will be created. Use this task to target the subset of devices that currently do not have an Antivirus solution installed.
To manually install the solution on the endpoint, the following syntax can be run:
vulscan /installavnew /showui (the showui switch is optional)
Step 6 - Pattern File Downloads
To set the cadence for how often the pattern files are downloaded to the core, navigate to the Download Updates | Ivanti Antivirus New tab. The configurable range is 1-240 hours and is set to 24 hours by default.
Items of Interest
- Unable to add antivirus exclusions
- Pattern file updates are restricted to the core server and Internet
- No Preferred Server or Peer downloads
- No current Mac support