Question:
How do I limit the end user's ability to modify LANDesk Antivirus settings, shut down the services, etc.?
Answer:
There are several places where the user's ability to modify LANDesk Antivirus settings can be limited:
- LANDesk Antivirus Settings
- Use Agent Watcher to monitor LANDesk Antivirus Services
- Use Security and Patch Definitions to ensure Antivirus is up to date and running
- Use Windows User Rights to limit User Interaction
- Install LANDesk HIPS to protect critical LANDesk Files
LANDesk Antivirus Settings
There are various locations within the LANDesk Antivirus Settings where User Control can be modified.
To modify the LANDesk Antivirus settings:
1. Open the Security and Patch Manager Tool in the LANDesk Management Suite Console.
2. In the dropdown for the 3rd icon, select "LANDesk Antivirus Settings".
3. Select the Antivirus Setting you wish to edit and click "Edit".
Note: The following screens point out the different areas that can affect user feedback and/or interaction. For a full explanation of these settings, see the LANDesk Advanced Training article.
Antivirus Settings - General Tab
- Show LANDesk Antivirus in system tray - Shows or hides the yellow Antivirus shield icon in the system tray.
- Enable right-click scanning - Adds or removes the option "Scan for viruses" when right-clicking a Drive, Directory, Folder, or File.
- Allow user to add files and folders to Trusted Items List - Allows users to add files to a trusted list. This means LANDesk Antivirus will trust those files and will not scan them. (Security Risk)
Antivirus Settings - Real-time Protection Tab
- Allow user to disable realtime scanning for up to [ x ] minutes - (Security Risk)
(This option should only be enabled for IT personnel or similarly responsible users who routinely work with files that could be considered a security risk.)
Antivirus Settings - Scheduled Scan Tab
- Allow user to schedule scans - Regular scheduled scans should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances, it may be necessary to allow users to schedule scans at times of their own choosing.
Antivirus Settings - Virus Definition Updates Tab
- Users may download virus definition updates - Regular pattern file updates should be enforced on a schedule set by the Administrator within the Antivirus settings on the core. However, in some instances, it may be necessary to allow users to schedule virus definition updates at times of their own choosing.
Note: For further information about scheduling regular scans and pattern file updates, see this article.
Antivirus Settings - Quarantine/Backup Tab
- Allow user to restore suspicious objects - (Security Risk)
- Allow user to restore infected objects and risky software - (Security Risk)
- User must enter a password to restore objects
Typically, these options should only be enabled on the computers of IT personnel or users with similar needs. If you want an Administrator to be able to restore objects while at a user's desk, enable all of the options and set a password for restoring objects.
Using Agent Watcher to monitor LANDesk Antivirus Services
Agent Watcher is a configurable component within the Agent Configuration that enables monitoring, enforcement and reporting on critical LANDesk files and services. For further general information about Agent Watcher, please refer to the LANDesk Help File under the heading "LANDesk Agent Watcher" or within the User's Guide (Available as a download from this LANDesk Product Documentation page) in the "LANDesk Agent Watcher" chapter.
Use Security and Patch Definitions to ensure Antivirus is up to date and running
The following slide, taken from the LANDesk Advanced Antivirus training, shows the different Security and Patch definitions that can be used to ensure that LANDesk Antivirus is running properly in your environment:
Use Windows User Rights to limit user interaction
Windows User Rights and Group Policy settings can be used to limit the user's ability to stop services, etc.
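One way to audit this, as an added example that is not part of the original article: the script below parses the security descriptor a Windows service reports through `sc sdshow <service name>` and lists the allow entries that let non-administrative accounts stop, pause, reconfigure or delete the service. The set of trustees treated as administrative and the two sample SDDL strings are assumptions constructed for illustration; substitute the output for the actual antivirus service.

```python
import re

# SDDL right codes as they apply to Windows services (sc sdshow output).
RISKY = {
    "WP": "stop service",
    "DT": "pause/continue service",
    "DC": "change service configuration",
    "SD": "delete service",
    "WD": "rewrite the service DACL",
    "WO": "take ownership",
    "GA": "generic all",
    "GW": "generic write (includes change config)",
    "GX": "generic execute (includes start/stop)",
}
# The same rights when an ACE carries a hex access mask instead of letter codes.
RISKY_BITS = {0x20: "WP", 0x40: "DT", 0x02: "DC", 0x10000: "SD", 0x40000: "WD",
              0x80000: "WO", 0x10000000: "GA", 0x40000000: "GW", 0x20000000: "GX"}
# Assumption for this example: these trustees are expected to control the service.
ADMIN_TRUSTEES = {"SY", "BA", "DA", "EA", "LA"}

def risky_service_aces(sddl):
    """Return [(trustee, [risky right codes])] for allow ACEs of non-admin trustees."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # DACL only, SACL is ignored
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6 or fields[0] != "A" or fields[5] in ADMIN_TRUSTEES:
            continue  # only allow ACEs grant access; admin trustees are expected
        rights, trustee = fields[2], fields[5]
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            codes = [code for bit, code in RISKY_BITS.items() if mask & bit]
        else:
            pairs = [rights[i:i + 2] for i in range(0, len(rights), 2)]
            codes = [code for code in pairs if code in RISKY]
        if codes:
            findings.append((trustee, codes))
    return findings

# Constructed sample strings, not taken from a real LANDesk installation.
LOCKED_DOWN = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
TOO_OPEN = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPWPDTLOCRRC;;;IU)(A;;0x2;;;AU)"

if __name__ == "__main__":
    for name, sddl in (("locked down", LOCKED_DOWN), ("too open", TOO_OPEN)):
        for trustee, codes in risky_service_aces(sddl):
            print(name, trustee, [RISKY[code] for code in codes])
```

An empty result means only the trustees listed as administrative hold control rights over the service; any other trustee in the output should be reviewed against the Group Policy that is meant to restrict it.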
Install LANDesk HIPS to protect critical LANDesk Files
LANDesk® Host Intrusion Prevention System (HIPS) layers added security to thwart malicious attacks and rootkits using application control that prevents applications from executing in malicious ways right on your individual host systems. Use it to extend the power of LANDesk® Security Suite or LANDesk® Patch Manager and LANDesk® Antivirus. Even in its most basic configuration, LANDesk HIPS provides protection for various critical system files, and also the LANDesk Client files.
For further information regarding LANDesk HIPS:
http://www.landesk.com/SolutionServices/product.aspx?id=788
http://community.landesk.com/support/community/security/hips