Ivanti Antivirus overview
Ivanti Antivirus consists of a built-in antivirus agent scanner, a continuously updated virus signature database, and antivirus configuration options and features available in the Agent Settings tool.
IMPORTANT: Antivirus agent
The Antivirus agent is distinct from the Patch and Compliance security scanner agent.
Ivanti® Endpoint Security for Endpoint Manager services maintain a current database of virus definition/pattern files that can be downloaded, evaluated and tested, and distributed to target devices on your network.
With Ivanti Antivirus, you can:
- Download the latest virus definition/pattern file updates (the Ivanti® Endpoint Security for Endpoint Manager service's antivirus signature database is updated several times a day)
- Schedule recurring virus definition file updates
- Archive previous virus definition files
- Create and deploy Antivirus agent installation tasks
- Run on-demand and scheduled antivirus scans on target devices
- Configure antivirus scan behavior and end user options
- Select which types of files to scan, and whether to scan for riskware
- Enable real-time file and email virus protection
- Scan for third-party antivirus scanner engines, enable or disable real-time virus scanning, and ensure up-to-date virus pattern files for those specific antivirus products
- View antivirus activity and status information for scanned devices
- Configure antivirus alerts
- Generate antivirus reports
Security content types and subscriptions
When you install Ivanti® Endpoint Manager or Ivanti® Endpoint Security for Endpoint Manager, the Patch and Compliance tool is included by default. However, without an Endpoint Security for Endpoint Manager content subscription, you can only scan for Ivanti software updates and custom definitions. An Endpoint Security for Endpoint Manager content subscription enables you to take full advantage of the Patch and Compliance tool (and Agent Settings tool) by providing access to additional security content (definition types), including antivirus scanner detection rules and the actual Ivanti Antivirus virus definition files used by the antivirus scanner.
Security content types include:
- Antivirus updates (for third-party scanners, includes antivirus scanner detection content only; for Antivirus, includes both scanner detection content and virus definition files, as well as riskware definition files available in an extended database)
- Blocked applications (see the Legal disclaimer for the blocked applications type)
- Custom vulnerability definitions
- Driver updates
- Ivanti software updates
- Security threats (system configuration exposures; includes firewall detection and configuration)
- Software updates
- Vulnerabilities (known platform vulnerabilities, and application-specific vulnerabilities)
For information about Endpoint Security for Endpoint Manager content subscriptions, contact your Ivanti reseller, or visit the Ivanti website:
Using Download Updates
Note that the Updates page of the Download updates dialog box includes several antivirus updates in the definition types list, including one named Ivanti Antivirus Updates. When you select Ivanti Antivirus Updates, both the scanner detection content and the Ivanti Antivirus virus definition file updates are downloaded.
For third-party scanner engines, antivirus updates include scanner definitions that detect:
- Installation of common antivirus scanner engines (including the Antivirus tool)
- Real-time scanning status (enabled or disabled)
- Scanner-specific pattern file versions (up to date or old)
- Last scan date (whether the last scan is within the maximum allowable time period specified by the administrator)
For the Antivirus scanner, antivirus updates include not only the scanner detection content listed above, but also the virus definition files used by the Antivirus scanner.
NOTE: Antivirus scanner detection content versus virus definition content
The term "antivirus updates" does not necessarily mean actual virus definition/pattern files. When you download third-party antivirus updates, only scanner detection content is downloaded to the default repository; scanner-specific virus definition files are not downloaded. However, when you download Ivanti Antivirus updates, both the scanner detection content and the Ivanti Antivirus virus definition files are downloaded. Ivanti Antivirus virus definition files are downloaded to a separate location on the core server. The default virus definition file repository is the \LDLogon\Antivirus\Bases folder.