Management and Security powered by Landesk
Agent settings: Ivanti Antivirus 2017
Ivanti Endpoint Security for Endpoint Manager 2017.3 SU2 introduces a new antivirus option that you can use on managed Windows devices. It's not installed by default, so visit this page on the Ivanti community for installation and deployment instructions.
Ivanti Antivirus 2017 features are accessed from the Agent Settings tool window (Tools > Security and Compliance > Agent Settings). Then in the Agent settings window under the Security folder, right-click Ivanti Antivirus 2017 and click New....
This topic describes the Ivanti Antivirus 2017 agent settings dialog box and other dialog boxes related to Ivanti Antivirus 2017.
Use these options to configure what antivirus protections are active and what antivirus elements users see on their devices.
Maintenance password: Password that will have to be entered on managed devices before any local changes to the antivirus software are allowed.
Notifications: These options determine what users see on their managed devices.
- Show icon in notification area
- Display alert popups
- Display notification popups
- File scan (Real-time protection): Enables file scanning so that files on managed devices are periodically scanned for viruses and malware.
- Application behavior monitoring: Enables real-time behavioral scanning, which monitors application behavior for suspicious activity.
Traffic scan: These options control the monitored network protocols.
- Enable Web (HTTP) scanning: Enables unencrypted HTTP traffic scans. If you want to scan both HTTP and HTTPS traffic, also enable the Scan SSL option on the Network scan page.
- Enable SMTP scanning: Enables anti-malware protection for SMTP mail protocol traffic.
- Enable POP3 scanning: Enables anti-malware protection for POP3 mail protocol traffic.
Network scan: These options control encrypted traffic scanning and browser behavior.
- Scan SSL: Controls encrypted SSL traffic scanning. Select this to enable it.
- Show browser toolbar: Shows a small antivirus browser tool at the top of every page. Clicking it shows a toolbar indicating the page safety rating. The toolbar supports recent versions of Internet Explorer, Edge, Firefox, Chrome, Safari, and Opera.
- Browser search advisor: Places a safety rating icon next to search engine results, helping users avoid suspicious pages. Most search engines encrypt traffic with SSL, so you'll need to enable the Scan SSL option for the search advisor to work correctly. The search advisor filters results from Google, Bing, and Yahoo. It also filters links from Facebook and Twitter.
The Full scan and Critical areas scan pages have the same options. One affects full antivirus scans and the other affects critical area antivirus scans. Available actions on detected items are:
- Move to quarantine
- Action to take for infected files: Action to be taken for an infected file.
- Action to take for suspicious files: Action to be taken for a suspicious file.
- Action to take for rootkits: Action to be taken for rootkits.
- Enable smart scanning (faster file scan): Stores file scan data and file checksums in a local database. If a file isn't in the database or if its checksum changes, the file will be scanned. This option speeds up scans since only new or changed files are scanned.
- Lower the priority of scanning threads: Lowers the scanner thread priority so that it is less likely to affect other tasks. This may make scans take longer.
- Allow user to pause a scan: Users can pause antivirus scans.
- Allow user to postpone a scan: Users can postpone scans.
- Allow stop a scan: Users can stop an active scan.
Use this page to configure where managed devices will download antivirus updates from. By default two locations are included: directly from the antivirus vendor (av-update.ivanti.com) and your core server. The vendor server will always have the latest updates. The core server updates its antivirus pattern files at the interval you specify, as described in the next section. The default is 24 hours.
Managed devices will contact servers in the order they appear in the list. If the first server fails, the device will proceed to the next server in the list, and so on. When a device downloads pattern files from the core server, it will always go directly to the core server.
Use the Up and Down buttons to change the preferred order. The Default URL and Core URL buttons insert the default values for those items.
In the Patch and Compliance tool's Download updates dialog box (accessed by clicking the Download updates toolbar button), there are two pages to be aware of: The Ivanti Antivirus 2017 page and the Proxy settings page.
The Ivanti Antivirus 2017 page has a single option, Update frequency. This controls the how often antivirus pattern file updates are downloaded from the cloud repository to the core for the new antivirus. The configurable range is 1-240 hours and the default is 24 hours.
Ivanti Antivirus 2017 updates use the proxy configuration you've specified on the Proxy settings page. When a proxy is set, the update process that runs on the core will used the proxy settings when connecting to the antivirus cloud server to download the updated pattern files.
Was this article useful?
The topic was:
Not what I expected
Copyright © 2018, Ivanti. All rights reserved.