Delaying the Distribution of AntiVirus Definition File Updates to Endpoints

You can control when Ivanti Endpoint Security agents download a new AntiVirus definitions file by setting a time delay interval in an Agent Policy Set.

Prerequisites:

• An Agent Policy Set must exist (use the Global Policy Set to apply the Distribution Delay to all endpoints). See Creating an Agent Policy Set in the Endpoint Security User Guide.
• Endpoints you want to delay definitions file distribution to must be part of a Group assigned the Agent Policy Set you edit. See Assigning an Agent Policy Set to a Group in the Endpoint Security User Guide.

Use a distribution delay to make time to test a new definitions file in a test environment before distributing it to endpoints (for example, to check for false positives that can negatively affect system functionality). In cases where a resultant policy is created through the merging of multiple assigned Agent Policy Sets, the shortest delay is used.

Important: Delaying the distribution of important updates can make your environment vulnerable to new viruses or malware.

The Definitions Distribution Delay option works together with the AntiVirus/Content polling frequency option, which determines how frequently or when the Ivanti Endpoint Security server is to check for definitions updates on the Global Subscription Service. As the Polling Frequency determines when the latest definitions are downloaded to the Ivanti Endpoint Security server, by combining it with the AntiVirus Distribution Delay you can postpone sending the latest set of definitions to endpoints up to the Polling Frequency value minus 1 hour. For more information, see Setting the Polling Frequency for AntiVirus Engine and Definition Updates.

For example, if the Polling Frequency is set to 4 hours, it means Ivanti Endpoint Security will download a new set of definitions every 4 hours and you have the possibility to delay the distribution of those definitions for 0, 1, 2 or 3 hours.

Ensure that the distribution delay is always set to less than the Polling Frequency. If the delay is set to be equal to or greater than the Polling Frequency, the delay will be reduced to 1 hour less than the Polling Frequency. For example, if the Polling Frequency is 4 hours and the administrator sets the AntiVirus distribution delay to 8 hours, the actual delay applied will be 3 hours

1. Select Manage > Agent Policy Sets.
2. Click the Edit icon associated with the policy set you want to edit.
   The Edit a Policy Set dialog opens.
3. Under the AV Engine & Definition Distribution Settings section in the Delay AV definition distribution by field, type the time interval (in hours, up to 23 hours) that the Ivanti Endpoint Security Agent is to delay requesting a new AntiVirus definitions file from the Application Server. The default value of 0 disables the option.
4. Click Save.
   Endpoints assigned the agent policy set will have new updates made available to them for download according to the configured delay interval. For example, if you set a value of 5 hours, an endpoint can download a new AntiVirus definition file 5 hours after it is received by the Application Server.

After Completing This Task:

Now you can:

• Check the version of the AntiVirus definition file on both the server and agents. See Checking the version of the AntiVirus Engine and Definition.
• Set the Polling Frequency for AntiVirus engine and definition file updates. See Setting the Polling Frequency for AntiVirus Engine and Definition Updates.
• Manually update the AntiVirus engine and definition files. See Updating the AntiVirus Engine and Definitions Manually.