Remove Existing/Previous AntiVirus Solution

Having multiple antivirus products installed on the same endpoint is not a good practice and could cause issues such as:

  • Endpoint becomes unstable or unusable.
  • End users are disrupted and productivity decreases.

AntiVirus does not include inbuilt AntiVirus removal tools. However, customers can leverage the Endpoint Security capabilities to deploy an AntiVirus uninstall package to each endpoint to remove the old AntiVirus solution and clean up any residual files. It is important to minimize the protection gap – the gap that occurs between disabling or removing one AntiVirus solution and adding another. This section outlines the recommended steps to plan your migration strategy and minimize the risk of leaving an endpoint unprotected.

Before you begin removing AntiVirus:

  1. Review the Previous AntiVirus Vendor’s recommendations and best practices for uninstalling their security technologies.
  2. Prior to planning your migration from the previous AntiVirus Vendor to Ivanti, make sure your Endpoint Security Server is licensed for the following products:
    • Patch and Remediation
    • AntiVirus
    • Content Wizard

AntiVirus Replacement Steps:

  1. Create the <Previous AntiVirus vendor> Uninstall Package
    Use the Ivanti Content Wizard to create a package that detects and removes the previous AntiVirus vendor from your endpoints. When you create the package, make sure the content has the reboot flag set so that the endpoint is forced to restart, which should leave the endpoint in a clean state.

    The properties of the package should contain the following attributes:

    • Applicable to only endpoints with <Previous AntiVirus Vendor> products installed.
    • Reboot Flag to restart the endpoint when <Previous AntiVirus Vendor> products have been uninstalled.

    Once the previous AntiVirus vendor uninstall package has been created, run the package in your lab to verify the correct uninstall behavior and expected outcome.

  2. Add excludes to the <Previous AntiVirus vendor> AntiVirus policies for the Ivanti folders which will exist once AntiVirus is installed (C:\ProgramData\HEAT Software\ and C:\Program Files\HEAT Software\). This will help avoid potential conflicts while AntiVirus is being installed. Testing will need to be done to ensure there aren’t any other features in <Previous AntiVirus vendor> which might otherwise block the install of AntiVirus.
  3. Create groups to minimize the impact of rolling out AntiVirus. Assuming Ivanti Patch and Remediation is being used, you can leverage FastPath proxy servers at remote locations to seed the proxies with the install package. Using proxies and/or group-based rollout is necessary to avoid an AntiVirus storm on install when rolling out to large numbers of endpoints across the network. Do this out of hours where possible.
  4. Install AntiVirus to groups in a controlled manner to minimize network bandwidth utilization issues. AntiVirus will be installed with no AntiVirus policies enabled. Work around any Windows Security Center notification issues.
  5. Create an AntiVirus real-time monitoring policy but do not assign it. Add recommended excludes as described in the Ivanti Community article "Excluding files, folders and processes from scans". Also, exclude <Previous AntiVirus vendor> directories if required.
  6. Disable <Previous AntiVirus vendor> AntiVirus on-access policy. Endpoints are now unprotected.
  7. Assign the AntiVirus real-time monitoring policy to groups that have the <Previous AntiVirus vendor> on-access policy disabled. Endpoints are now protected.
  8. Deploy your <Previous AntiVirus vendor> uninstall package including reboot to remove <Previous AntiVirus vendor> and clean up any residual files.
    Monitor the deployment to the group by leveraging the Manage > Deployment and Tasks page in the Endpoint Security Console to track status of the deployment.
  9. Remove the <Previous AntiVirus vendor> excludes from the AntiVirus real-time monitoring policy, as they are no longer required and are a potential security hole.
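
To confirm where an individual endpoint stands during steps 6 to 8, the following added example (not part of the Ivanti documentation or product) reports which AntiVirus products Windows Security Center lists and whether the folders named in step 2 exist. It assumes both products register with Windows Security Center; the PreviousVendorName parameter and the interpretation of productState are assumptions noted in the comments.

```powershell
# Added example, not Ivanti code. Run locally on a Windows client endpoint;
# the root/SecurityCenter2 namespace is not available on Windows Server.
param(
    # Assumption: a substring of the previous vendor's registered product name.
    [Parameter(Mandatory)][string]$PreviousVendorName
)

# Folders this page lists in step 2 as existing once AntiVirus is installed.
$ivantiFolders = 'C:\ProgramData\HEAT Software\', 'C:\Program Files\HEAT Software\'
$pattern = '*' + [WildcardPattern]::Escape($PreviousVendorName) + '*'

$products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
    ForEach-Object {
        # productState is not documented by Microsoft. Assumption: the commonly
        # observed layout where bit 0x1000 set means real-time scanning is on
        # and bit 0x10 set means definitions are out of date.
        $state = [uint32]$_.productState
        [pscustomobject]@{
            Name           = $_.displayName
            RealTimeOn     = ($state -band 0x1000) -ne 0
            DefinitionsOld = ($state -band 0x10) -ne 0
            IsPrevious     = $_.displayName -like $pattern
        }
    })

$realTime = @($products | Where-Object { $_.RealTimeOn })
$previous = @($products | Where-Object { $_.IsPrevious })

# Map what Security Center reports onto the replacement steps on this page.
$finding = if ($realTime.Count -eq 0) {
    'No product reports real-time scanning: endpoint is in the protection gap (between steps 6 and 7).'
} elseif ($realTime.Count -gt 1) {
    'More than one product reports real-time scanning: check that step 6 was applied.'
} elseif ($realTime[0].IsPrevious) {
    'Previous vendor is still the only real-time product: step 6 not yet applied.'
} elseif ($previous.Count -gt 0) {
    'One real-time product, previous vendor still registered: step 8 uninstall not finished.'
} else {
    'One real-time product, previous vendor no longer registered.'
}

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Products      = $products
    IvantiFolders = $ivantiFolders | ForEach-Object { '{0} exists={1}' -f $_, (Test-Path -LiteralPath $_) }
    Finding       = $finding
}
```

Windows Security Center may also list Microsoft Defender Antivirus, so read the Products list alongside the Finding line before acting on it.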