LANDESK Antivirus legacy

LANDESKAntivirus features are accessed from the Agent Settings tool window (Tools > Security and Compliance > Agent Settings).

Antivirus lets you download and manage antivirus content (virus definition files); configure antivirus scans; and customize antivirus scanner display/interaction settings that determine how the scanner appears and operates on target devices, and which interactive options are available to end users. You can also view antivirus-related information for scanned devices, enable antivirus alerts, and generate antivirus reports.

The main section for LANDESK Antivirus overview introduces this complementary security management tool, which is a component of both LANDESK Management Suite and LANDESK Security Suite. In that section you'll find an overview, antivirus content subscription information, as well as step-by-step instructions on how to use Antivirus features.

This section contains the following help topics that describes the Antivirus dialogs. From the console interface, these help topics are accessed by clicking the Help button on their respective dialog box.

Antivirus Download Updates help

About the LANDESK Antivirus page on the Download Updates dialog box

Use the LANDESK Antivirus page of the Download Updates dialog box to configure settings for downloading virus definition file updates from LANDESK Security Suite services. You can select to download Antivirus content (virus definition/pattern files), specify when virus definition files are available to distribute to managed devices (immediately or after a pilot test period), and whether definition files are backed up.

You should be aware that the Updates page of the Download updates dialog box includes several Antivirus updates in the definition type list, including one named LANDESK Antivirus Updates. When you select this type, both the scanner detection content AND the virus definition file updates are downloaded.

Antivirus updates are scanner definitions that detect:

  • Installation of common antivirus scanner engines (including the LANDESK Antivirus agent)
  • Real-time scanning status (enabled or disabled)
  • Scanner-specific pattern file versions (up to date or old)
  • Last scan date (whether the last scan is within the maximum allowable time period specified by the administrator)

NOTE: Antivirus scanner detection content versus virus definition content
Antivirus updates does not imply actual virus definition (or pattern) files. When you download third-party antivirus updates, only scanner detection content is downloaded to the default repository, but scanner-specific virus definition files are not downloaded. However, when you download LANDESK Antivirus updates, both the scanner detection content AND the LANDESK Antivirus-specific virus definition files are downloaded. LANDESK Antivirus virus definition files are downloaded to a separate location on the core server. The default virus definition file repository is the \LDLogon\Antivirus\Bases folder.

You must have the proper LANDESK Security Suite content subscription in order to download each type of security content.

A basic LANDESK Management Suite installation allows you to download and scan for LANDESK software updates, and to create and use your own custom definitions. For all other security content types, such as platform-specific vulnerabilities, spyware, and including virus definition (pattern) files, you MUST have a LANDESK Security Suite content subscription in order to download the corresponding definitions.

For information about Security Suite content subscriptions, contact your reseller, or visit the LANDESK website:

LANDESK Home Page

After you specify the types of content you want to download and the other options on the Download updates dialog box:

  • To perform an immediate download, click Update Now. If you click Apply, the settings you specify will be saved and will appear the next time you open this dialog box. If you click Close, you'll be prompted whether you want to save the settings.
  • To schedule a download security content task, click Schedule update to open the Scheduled update information dialog box, enter a name for the task, verify the information for the task, and then click OK to add the task to Scheduled tasks.

IMPORTANT: Task-specific settings and global settings
Note that only the definition types, languages, and definition and patch download settings are saved and associated with a specific task when you create it. Those three settings are considered task specific. However, all of the settings on the other pages of the Download updates dialog box are global, meaning they apply to all subsequent security content download tasks. Global settings include: patch download location, proxy server, spyware autofix, security alerts, and antivirus. Any time you change a global settings it is effective for all security content download tasks from that point on.

To save your changes on any page of this dialog box at anytime, click Apply.

The LANDESK Antivirus page contains the following options:

  • Virus definitions approved for distribution: Displays the date and version number of the most recently approved virus definition files that are now available to distribute to your managed devices. Approved virus definition files are located in the default folder (\LDLogon\Antivirus\Bases) from which they are deployed to target devices as part of on-demand and scheduled antivirus scans. The exact time of the virus definition file update (downloaded from the LANDESK Security Suite web service, which has the very latest known pattern files) is noted in parentheses below this field.
  • Virus definitions currently in pilot testing: Note that this list appear only if you've selected the Restrict them to a pilot test first option. Displays the date and version number of the virus definition files currently residing in your pilot folder, if you've downloaded virus definitions to that location. Pilot testing helps you verify the validity and usefulness of a virus definition file before using it to scan your managed devices for viruses. Virus definitions that have been downloaded to the pilot test folder can be deployed to designated "test" target devices.
  • Virus definition updates - When new virus definition files are downloaded from LANDesk:
    • Immediately approve (make them available to all computers): Downloads virus definitions directly to the default folder (\LANDesk\ManagementSuite\ldlogon\antivirus8\win\bases8). Virus definitions downloaded to the default folder are approved and can be deployed to target devices for antivirus scanning.
    • Restrict them to a pilot test first: Download virus definition files to the pilot folder for testing purposes. Virus definitions in the pilot folder can be deployed to designated test machines before being deployed to your managed devices.
      • Get latest definitions: Starts an immediate virus definition file download process. The Updating Definitions dialog box shows download progress.
      • Approve now: Lets you move virus definition files from the pilot folder to the default virus definition folder so that they can be deployed to target devices for antivirus scanning.
      • Schedule approval: Opens the Scheduled tasks tool with a new task where you can specify the scheduling options (start now, or start at a particular day and time, and set recurrence). This scheduled task automatically moves downloaded virus definition files from the pilot folder to the default virus definition files folder (\LANDesk\ManagementSuite\ldlogon\antivirus8\win\bases8). (NOTE: This option is available only if you're restricting virus definition file updates to a pilot test, and lets you automate the approval of definition files. If you don't enable this option, virus definition files in the pilot folder must be approved manually with the Approve now button.)
  • Virus definition backups:
    • Make backups of previous definitions: Saves downloads of earlier virus definition files. This can be helpful if you need to go back to an older definition file to scan and clean infected files, or to restore a virus definition file that resolved a particular problem. (Virus definition file backups are saved in separate folders named by the date and time they were created, under: \LDLogon\Antivirus\Backups\)
    • Number of backups to keep: Specifies the number of virus definition file downloads to save.
    • History: Lists all of the available virus definition file backups.
    • Restore: Moves the selected virus definition file backup to the antivirus default folder so that they can be distributed to target devices.
    • Delete: Removes the selected virus definition file backup permanently from the core server.
  • Download now: Immediately downloads the selected security content types. The Updating Definitions dialog shows progress and status of the download.
  • Schedule download: Opens the Scheduled download information dialog box, where you can type a unique name for this download task, verify the download settings, and click OK to save the task in the Scheduled task tool. (Note that only the definition types, languages, and definition and patch download settings are saved and associated when you create a particular task. Download settings on the other pages of this dialog box, such as patch download location, proxy settings, and alerting settings, are global, meaning they apply to all the security content download tasks. However, you can change those settings at any time and they will be effective for all security content download tasks from that point on.)
  • View log: Lets you select the location and level of detail in a log file containing virus definition file download information.
  • Apply: Saves your selected download settings so that they are applied to the Download updates dialog box and appear the next time you open the dialog box.
  • Close: Closes the dialog box without saving your latest settings changes.

For a description of the options on the other pages of the Download updates dialog box, see About the Download updates dialog box.

 

Antivirus tasks help

About the Create LANDESK Antivirus task dialog box

Use this dialog box to create a task that updates virus definition files, configures antivirus scans on target devices (with antivirus settings), or both. Antivirus settings determine scanner behavior, scanned objects, and end user options.

NOTE: On-demand antivirus scans
You can also run an on-demand antivirus scan on a device via the device's shortcut menu.

This dialog box contains the following options:

  • Task name: Identifies the antivirus scan task with a unique name.
  • Actions to perform: Specifies what the task is going to do. You can select one or both of the actions.
    • Update virus definitions: Specifies the task will update the virus definition files based on the settings on the antivirus page of the Download updates dialog box.
    • Start antivirus scan: Specifies the task will run an antivirus scan on target devices.
  • Create a scheduled task: Adds the scan task to the Scheduled tasks window, where you can configure its scheduling and recurrence options, and assign target devices.
    • Automatically target all LANDESK Antivirus machines: Adds managed devices that have been configured with the LANDESK Antivirus agent to the task's target devices list.
    • Start now: Runs the antivirus scan on devices with the LANDESK Antivirus agent, adding it to the Scheduled tasks tool, as soon as you and click OK.
    • Update virus definitions (including pilot) on core: Automatically updates virus pattern files before the scan is launched, including virus definition files that currently reside in the pilot folder. (Note: The Update virus definitions option above much be selected in order to use this option.)
  • Create a policy: Adds the antivirus scan task as a policy to the Scheduled tasks window, where you can configure the policy's options.
  • LANDESK Antivirus settings: Specifies antivirus settings used for the scan task. Antivirus settings determine whether the LANDESK Antivirus icon appears in the device system tray, availability of interactive options to end users, email scan and real-time protection enabling, file types to scan, files and folders to exclude, infected file quarantine and backup, scheduled antivirus scans, and scheduled virus definition file updates. Select one of the settings from the drop-down list. Click Edit to modify the options for the selected settings. Click Configure to create a new settings.
  • Virus definition files: Displays information about the currently downloaded definition files. Click Download updates to go to the LANDESK Antivirus page of the Download updates dialog box to configure and schedule a virus definition file download.

About the LANDESK Antivirus scan now task dialog box

Use this dialog box to run an immediate on-demand antivirus scan on one or more target devices.

  1. Right-click the selected device (or up to 20 multi-selected devices), and then click LANDESK Antivirus scan now.
  2. Select an antivirus settings.
  3. Specify whether to update virus definition files before scanning. (Note: This option automatically updates virus pattern files before the scan is launched, including virus definition files that currently reside in the pilot folder.)
  4. Click OK.

 

Antivirus settings help

About the LANDESK Antivirus settings dialog box

Use this dialog box to create and edit an antivirus settings. Antivirus settings determine whether the LANDESK Antivirus icon appears in the device system tray, availability of interactive options to end users, email scan and real-time protection enabling, file types to scan, files and folders to exclude, infected file quarantine and backup, scheduled antivirus scans, and scheduled virus definition file updates.

If you want to modify a device's default antivirus settings without redeploying an antivirus scan task, make your desired change to any of the settings on the various pages of the Antivirus settings dialog box, assign the new settings to a change settings task, and then deploy the change settings task to target devices.

Once configured, you can apply antivirus settings to antivirus scan tasks and to change settings tasks.

This dialog box contains the following pages:

About the Antivirus: General settings page

Use this page to configure the basic antivirus scanner settings on target devices.

This page contains the following options:

  • Name: Identifies the antivirus settings with a unique name. This name appears in the settings drop-down list on an antivirus scan task dialog box.
  • Show LANDESK Antivirus icon in system tray: Makes the LANDESK Antivirus icon appear in the device system tray. The icon's appearance depends on the status of antivirus protection, indicating whether real-time protection is enabled. If the arrow icon is yellow, real-time protection is enabled meaning the device is continuously being monitored for viruses. If the icon is gray, real-time protection is not enabled.

    NOTE: End users can double-click the icon to open the LANDESK Antivirus client and perform tasks. They can also right-click the icon to access the shortcut menu and select to run a scan and update antivirus files.

  • Enable email scanning: Enables real-time email scanning on target devices. Real-time email scanning continuously monitors incoming and outgoing messages (supported applications include: Microsoft Outlook), checking for viruses in both the body of the message and any attached files and messages. Any detected viruses are removed.
  • Enable right-click scanning: Provides an option on the LANDESK Antivirus client that allows end users to select a file, group of files, folder, or group of folders, and right click the selection to perform an antivirus scan.
  • Scan for risky software in addition to viruses (extended database): Provides an option on the LANDESK Antivirus client that allows end users to scan for riskware (i.e., FTP, IRC, remote control utilities, etc.) using an extended database that is loaded on the managed device.
  • Allow user to add files and folders to Trusted Items list: Provides an option on the LANDESK Antivirus client that lets users identify files and folders they don't want scanned for viruses. Files and folders in this list are ignored by an antivirus scan. Users should be made aware that they should move only safe files to their trusted items list.
  • CPU utilization when scanning: Lets you control CPU usage on target machines when LANDESK Antivirus runs an antivirus scan.
  • Owner: Lets you specify an owner for the antivirus settings in order to prevent unauthorized modification. Only the owner and users with the Administrator right can access and modify the settings. Other users can only view the settings. The public user option allows universal access to the settings.
  • Set as default: Establishes this antivirus settings (including the option settings on all of the Antivirus settings dialog box's tabs) as the default on target devices. Unless an antivirus scan task has a specific antivirus settings associated with it, the default settings are used during scan and definition file update tasks.
  • Restore defaults: Restores the predefined default settings for all of the antivirus options on the dialog box's tabs.

About the Antivirus: Real-time protection page

Use this page to enable and configure real-time file protection, which files to protect and what to exclude, and end user notification.

Real-time protection is an ongoing (background) scan of specified files, folders, and file types by extension. When real-time protection is running, files are scanned for viruses every time they are opened, closed, accessed, copied, or saved.

When real-time protection is enabled, the LANDESK Antivirus system tray icon is yellow. The icon is gray when real-time protection is turned off.

This page contains the following options:

  • Enable real-time file protection: Turns on real-time file protection on target devices. Real-time file protection runs in the background and scans for known viruses according to the downloaded virus definition files
  • Show real-time messages on client: Displays messages on target devices to notify users of certain LANDESK Antivirus activities. End users are notified when an infected file is detected, quarantined, deleted, skipped, or cleaned. Message dialog boxes show the path, file name, virus name, and a note telling the end user to contact their network administrator.
  • Allow user to disable real-time scanning for up to: Provides an option on the LANDESK Antivirus client that allows the end user to turn off real-time file protection for a specified period of time. You should keep the amount of time to a minimum so that users can't disable real-time protection long term.
  • Exclude network paths: Limits real-time file scanning to local drives, and does not include mapped network drives.
  • Scan all file types: Specifies that files of all types on the target device are scanned by an antivirus scan. This may take a long time so it is a good idea to scan all file types with an on-demand scan rather than real-time protection.
  • Scan infectable files only: Specifies that infectable files only are scanned. Infectable files are those types of files known to be vulnerable to virus infections. Scanning only infectable files is more efficient than scanning all files because some viruses affect only certain file types. However, you should make a habit of regularly scanning all the files with an on-demand scan in order to ensure devices are clean.

    NOTE: Infectable file types are identified by their format identifier in the file header rather than by their file extension, ensuring that renamed files are scanned. Infectable files include: document files such as Word and Excel files; template files that are associated with document files; and program files such as Dynamic Link Libraries (.DLLs), communication files (.COM), Executable files (.EXEs), and other program files. See below for a complete list of infectable file types.

  • Use heuristics to scan for suspicious files: Utilizes the scanner's heuristic analysis capability when scanning target devices. Heuristic scanning attempts to detect files suspected of being infected by a virus by looking for suspicious behavior such as a program that: modifies itself, immediately tries to find other executables, or is modified after terminating. (NOTE: Using heuristic scanning may negatively affect performance on managed devices.)
  • Exclude the following files and folders:
    • Add: Opens the Add excluded path dialog box where you can create new exclusions to specify the files, folders, or file types (by extension) you want to exclude from an antivirus scan associated with this settings.
    • Edit: Opens the selected exclusion so you can modify a file path, file name, file extension, and variables.
    • Delete: Removes the selected exclusion from the antivirus settings.

About the Add excluded path dialog box

Use this dialog box (accessed from the Real-time protection dialog box) to add exclusions that specify objects that aren't scanned for viruses by either an antivirus scan or real-time protection. Antivirus scan tasks (and change settings tasks) associated with this antivirus settings will use these exclusions.

You can exclude specific files, entire folders, and file types by their extensions.

This dialog box contains the following options:

  • Type: Indicates the type of object you want excluded from antivirus scanning. Select a type and then enter its precise attributes in the Object field.
  • Object: Type the full file path and name of (or browse to and select) the file or folder you want to exclude. If you selected the file extension type, type the extension's characters in the Object field.
  • Insert variable: Allows you to use system environment variables to identify the path to a folder or an object that you would like to exclude from the antivirus scan or protection scope.

About the Antivirus: Virus scan page

Use this page to specify which files to scan for viruses, what to exclude from the scan, and whether to use heuristics to scan for suspicious files.

This page contains the following options:

  • Scan all file types: Specifies that files of all types on the target device are scanned by an antivirus scan. This may take a long time so it is a good idea to scan all file types with an on-demand scan rather than real-time protection.
  • Scan infectable files only: Specifies that infectable files only are scanned. Infectable files are those types of files known to be vulnerable to virus infections. Scanning only infectable files is more efficient than scanning all files because some viruses affect only certain file types. However, you should make a habit of regularly scanning all the files with an on-demand scan in order to ensure devices are clean. See below for a complete list of infectable file types.
  • Use heuristics to scan for suspicious files: Utilizes the scanner's heuristic analysis capability when scanning target devices. Heuristic scanning attempts to detect files suspected of being infected by a virus by looking for suspicious behavior, such as: a program that is self-modifying, immediately tries to find other executables, or appears changed upon termination. Using heuristic scanning may negatively affect performance on managed devices.
  • Exclude the following files and folders
    • Add: Opens the Add excluded path dialog box where you can create new exclusions to specify the files, folders, or file types (by extension) you want to exclude from an antivirus scan associated with this settings.
    • Edit: Opens the selected exclusion so you can modify a file path, file name, file extension, and variables.
    • Delete: Removes the selected exclusion from the antivirus settings.
  • Clean up registry: Specifies the registry is included in the antivirus scan.

IMPORTANT: System restore point scanning
LANDESK Antivirus will scan the files in any system restore point folders that may exist on the managed device.

Infectable file types

Infectable file types are identified by their format identifier in the file header rather than by their file extension, ensuring that renamed files are scanned.

Infectable files include: document files such as Word and Excel files; template files that are associated with document files; and program files such as Dynamic Link Libraries (.DLLs), communication files (.COM), Executable files (.EXEs), and other program files. See below for a list of infectable file types by the file format's standard or original file extension.

  • ACM
  • ACV
  • ADT
  • AX
  • BAT
  • BIN
  • BTM
  • CLA
  • COM
  • CPL
  • CSC
  • CSH
  • DLL
  • DOC
  • DOT
  • DRV
  • EXE
  • HLP
  • HTA
  • HTM
  • HTML
  • HTT
  • INF
  • INI
  • JS
  • JSE
  • JTD
  • MDB
  • MSO
  • OBD
  • OBT
  • OCX
  • PIF
  • PL
  • PM
  • POT
  • PPS
  • PPT
  • RTF
  • SCR
  • SH
  • SHB
  • SHS
  • SMM
  • SYS
  • VBE
  • VBS
  • VSD
  • VSS
  • VST
  • VXD
  • WSF
  • WSH

About the Antivirus: Scheduled scan page

Use this page to enable and configure a recurring scheduled antivirus scan on target devices.

NOTE: LANDESK Antivirus scan types
You can scan your managed devices for viruses with scheduled scans, on-demand scans, as well as real-time file and email protection. End users can also perform on-demand scans of their own computer.

This page contains the following options:

  • Have LANDESK Antivirus scan devices for viruses at a scheduled time: Enables a recurring scheduled antivirus scan that runs on target devices according to the start time, frequency, time restriction, and bandwidth requirement you specify.
  • Change settings: Opens the Schedule dialog box where you can set the scheduling options.
  • Allow user to schedule scans: Lets the end user create a local scheduled antivirus scan on their own machine.

About the Schedule periodic antivirus scans dialog box

If you want this antivirus settings to include a recurring antivirus scan, use this dialog box to specify start time, frequency, time restriction, and bandwidth requirement settings. Antivirus scan tasks (and change settings tasks) associated with this settings will use the rules defined here.

All criteria in this dialog box that you configure must be met before the task will execute. For example, if you configure a schedule that repeats every day between 8 and 9 o'clock with a Machine state of Desktop must be locked, the task will only execute if it's between 8 and 9 o'clock AND the machine is locked.

This dialog box contains the following options:

  • Start: Click this option to display a calendar where you can select the day you want the task to start. Once you pick a day, you can also enter a time of day. These options default to the current date and time.
  • Repeat after: Schedules the scan to recur periodically. Select the number of minutes, hours, and days to control how often the task repeats.
  • Time range: If you want the task to run between certain hours, select the start and end hours. The hours are in 24-hour (military) time format.
  • Weekly between: If you want the task to run between certain days of the week, select the start and end days.
  • Monthly between: If you want the task to run between certain dates of the month, set the start and end dates.
  • Minimum bandwidth: When configuring local scheduler commands, you can specify the minimum bandwidth criteria necessary for the task to execute. The bandwidth test consists of network traffic to the device you specify. When the time comes for the task to execute, each device running the local scheduler task will send a small amount of ICMP network traffic to the device you specify and evaluate the transfer performance. If the test target device isn't available, the task won't execute. You can select these minimum bandwidth options:
    • RAS: The task executes if the device's network connection to the target device is at least RAS or dialup speed, as detected through the networking API. Selecting this option generally means the task will always run if the device has a network connection of any sort.
    • WAN: The task executes if the device's connection to the target device is at least WAN speed. WAN speed is defined as a non-RAS connection that's slower than the LAN threshold.
    • LAN: The task executes when the device's connection to the target device exceeds the LAN speed settings. LAN speed is defined as anything greater than 262,144 bps by default. You can set the LAN threshold in agent configuration (Tools > Configuration > Agent Configuration > Bandwidth Detection page). Changes won't take effect until you deploy the updated configuration to devices.
    • To computer name: Identifies the computer that is used to test the device bandwidth. The test transmission is between a target device and this computer.
  • Machine state: If you want the task execution criteria to include a machine state, select one from the drop-down list.
  • Additional random delay once all other filters pass: If you want an additional random delay, use this option. If you select a random delay that extends beyond the time limits you configured for the task, the task may not run if the random value puts the task outside the configured time limits.
    • Delay up to: Select additional random delay you want.
    • And at least: If you want the task to wait at least a certain number of minutes before executing, select this option. For example, if you're scheduling an inventory scan, you could enter a five here so a computer has time to finish booting before the scan starts, improving the computer's responsiveness for the user.

About the Antivirus: Virus definition updates page

Use this page to configure virus definition (pattern) file updates scheduling, user download options, and access options, for target devices with this antivirus settings.

This page contains the following options:

  • Download pilot version of virus definition files: Download virus definition files from the pilot test folder instead of from the default repository(\LDLogon\Antivirus\Bases) on the core server. Virus definitions in the pilot folder can be downloaded by a restricted set of users for the purpose of testing the virus definitions before deploying them to the entire network. When you create an antivirus scan task, you can also select to download the latest virus definitions updates, including those residing in the pilot test folder, then associate an antivirus settings with this option enabled to ensure that the test machines receive the latest known virus definition files. If this option is selected, virus definition files in the default folder (\LDLogon\Antivirus\Bases) are not downloaded.
  • Users may download virus definition updates: Provides end users on target devices the option of downloading virus definition files by themselves. This option displays on the LANDESK Antivirus client and can be accessed from that dialog box as well as by right-clicking the LANDESK Antivirus system tray icon.

    NOTE: When an end user downloads virus definition files, the device attempts to connect to servers in the following order: 1) preferred server (if one is configured); 2) core server; 3) LANDESK Security Suite content server (Internet).
  • Download virus definition updates from: Specifies the source site from which virus definition files are downloaded. Depending on which option you select from the drop-down list here, one or both of the download source site options (core server and Internet security content server) described below are enabled and can be configured. (NOTE: Internet download options are configured on the Legacy virus definition updates page.)
  •  Core download options: Lets you configure core server settings if you've selected one of the download source site options above that includes the core.
    • Disable peer download: Prevents virus definition file downloads via peer download (the local cache or a peer in the same multicast domain).
    • Disable preferred server: Prevents virus definition file downloads via a preferred server. For more information about preferred servers, see About software distribution.
  • Schedule virus definition updates: Enables a recurring scheduled virus definition file update that runs on target devices according to the start time, frequency, time restriction, and bandwidth requirement you specify.
  • Change schedule: Opens the Schedule dialog box where you can specify the scheduling options.

About the Schedule periodic antivirus updates dialog box

If you want this antivirus settings to include a recurring virus definition update, use this dialog box to specify start time, frequency, time restriction, and bandwidth requirement settings. Antivirus scan tasks (and change settings tasks) associated with this settings will use the rules defined here.

For information about the options, see About the Schedule periodic antivirus scans dialog box above since it is a common dialog box.

About the Antivirus: Legacy virus definition updates page

Use this page to configure legacy virus definition updates settings, as well as the LANDESK Security Suite content server settings if you've selected one of the download source site options above that includes the Internet.

This page contains the following options:

  • Download updates as a single file if changed file count is greater than: Specifies the maximum number of new or updated individual virus definition files that are downloaded separately before they are compressed and downloaded as a single file.
  • Internet download options: Lets you configure the security content server settings if you've selected one of the download source site options above that includes the Internet.
    • Source site: Specifies the security content server that is accessed to download the latest definitions to your database. Select the server nearest your location.
    • Fall back to alternate source site on failure: Automatically attempts to download updates from another security content server, where the antivirus signatures reside, if the specified source site is unable to transmit files.

IMPORTANT: Legacy settings apply to older LANDESK Antivirus clients only
The legacy virus definition updates settings specified on this page will be in effect only for older versions of the LANDESK Antivirus client that have been deployed to your managed devices. Typically, older versions of the client are installed by a LANDESK core server version 8.8 SP3 or older.

About the Antivirus: Quarantine/Backup page

Use this page to configure the size of the quarantine/backup folder, and the object restore options you want to make available to end users.

This page contains the following options:

  • Limit size of quarantine/backup folder: Allows you to specify the maximum size of the shared quarantine\backup folder on target devices. This folder is a safe, isolated storage area on devices that have LANDESK Antivirus. By default, the quarantine storage size is 50 MB and quarantined objects are stored for 90 days. Objects in the quarantine\backup folder can be rescanned, deleted, or restored.

    NOTE: Quarantined files are automatically rescanned with the latest virus definitions whenever an on-demand scan is run or whenever the antivirus pattern files are updated on the device, in order to find out if any infected objects can be cleaned. If a quarantined file can be cleaned, it is automatically restored and the user is notified.

    NOTE: When a virus infection is discovered, the infected file is first backed up (with a *.bak extension in the \LDClient\Antivirus\ folder) and then cleaned. If it can't be disinfected the original file it is moved to the quarantine folder (with a *.qar extension in \LDClient\Antivirus folder). Then the virus string is removed and the file is encrypted so it can't be accessed or executed.

  • Maximum size: Specifies the maximum size of the shared quarantine/backup folder on devices with the LANDESK Antivirus agent.
  • Restoring objects: Specifies end user rights for restoring objects that have been quarantined.
    • Allow user to restore suspicious objects: Provides end users the option of restoring suspicious objects detected by an antivirus scan or by real-time protection. Suspicious objects are those which contain code that is either modified or reminiscent to that of a known virus. Suspicious objects are automatically quarantined. If this option is selected, end users can move the original file from the quarantine folder to a specified destination folder or to its original location, where it was stored before quarantining, disinfection, or deleting. Note that If real-time protection is running, the restored file is scanned and if it's still infected it's put back in the quarantine.
    • Allow user to restore infected objects and risky software: Provides end users the option of restoring infected objects detected by an antivirus scan or by real-time protection. Infected objects are those containing harmful code which is detected by a known viruses definition (pattern or signature) file. Infected objects can further damage managed devices. Risky software is essentially client software that has the possibility of being risky for the end user. For example: FTP, IRC, MIrc, RAdmin, or remote control utility software. (In the case of a false-positive scan result, the end user may feel confident and comfortable enough to restore the file. This option lets users restore files to network shares. If they restore an infected file to the original location, the next antivirus scan will detect the same virus, even if it's false-positive, and simply put the file back in quarantine.)
    • User must enter password to restore objects: Requires users to enter the specified password before they can restore suspicious or infected objects, or risky software. The user is prompted to enter the password when they attempt to restore the object from the quarantine/backup folder. If you enable this option to password protect quarantined objects, you must share this password with the users you want to be able to restore those objects.
    • Password: Enter the password needed for users to restore quarantined objects.
  • Deleting files: Specifies whether files are automatically deleted.
    • Automatically delete quarantine files: Indicates all quarantined files older than the specified period will be automatically deleted.
    • Automatically delete backup files: Indicates all backed up files older than the specified period will be automatically deleted.

 


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other