Management and Security powered by Landesk

Ivanti Antivirus settings

IvantiAntivirus features are accessed from the Agent Settings tool window (Tools > Security and Compliance > Agent Settings). In the Agent settings window, right-click Ivanti Antivirus, then click New....

Antivirus allows you download and manage antivirus content (virus definition files); configure antivirus scans; and customize antivirus scanner display/interaction settings that determine how the scanner appears and operates on target devices, and which interactive options are available to end users. You can also view antivirus-related information for scanned devices, enable antivirus alerts, and generate antivirus reports.

The main section for Ivanti Antivirus introduces this complementary security management tool, which is a component of both Ivanti® Management Suite and Ivanti® Security Suite. In that section you'll find an overview, antivirus content subscription information, as well as step-by-step instructions on how to use Antivirus features.

This section contains the following help topics that describe the Antivirus Settings dialog. From the console interface, access these topics by clicking the Help button on each dialog box.

About the Ivanti Antivirus General page

Use this page to configure Ivanti Antivirus scanner settings on target devices.

This page contains the following options:

  • Name: Identifies the antivirus settings with a unique name. This name will appear in the Agent settings list in the console and in the Antivirus scan task dialog box.
  • Protection:
    • File Antivirus: Enables real-time scanning of files on target devices.
    • Mail Antivirus: Enables real-time email scanning on target devices. Real-time email scanning continuously monitors incoming and outgoing messages, checking for viruses in both the body of the message and any attached files and messages. Any detected viruses are removed.
    • Web Antivirus: Enables real-time scanning of web traffic, website URLs, and links on target devices on all HTTP, HTTPS, and FTP protocols.
    • IM Antivirus: Enables real-time scanning of instant messaging applications, including ICQ, MSN® Messenger, AIM, Mail.Ru Agent, and IRC.
    • Network Attack Blocker: Enables the Network Attack Blocker that detects and adds attacking computers to the list of blocked devices for a specified period of time.
    • System Watcher: Enables the System Watcher utility that monitors application activity on target devices.
  • User interface:
    • Show Ivanti Antivirus icon in system tray: Makes the Ivanti Antivirus icon appear in the device system tray. The icon's appearance depends on the status of antivirus protection, indicating whether real-time protection is enabled. If the arrow icon is yellow, real-time protection is enabled meaning the device is continuously being monitored for viruses. If the icon is gray, real-time protection is not enabled.
    • Enable database out-of-date and obsolete warning messages: Allows Ivanti Antivirus to display warning messages when the database is out-of-date or obsolete. Specifies the number of days for each status.
  • Do not send Ivanti Antivirus reboot status: Select this option if you do not want Ivanti Antivirus to send the reboot status to the core. By default, Ivanti Antivirus sends a status update about whether or not it requires a reboot to complete an install or update. The status will appear in Security activity | Ivanti Antivirus | Activity and the core will set 'Reboot Needed' inventory information under Computer | Ivanti Management.
  • Set As Default:Establishes the settings on all of the pages of the Ivanti Antivirus dialog box as the default settings. The name you entered will appear in the console with the default icon next to it. You cannot delete a setting that is marked as default. When you create a new agent configuration, those settings will be selected by default. Unless an antivirus scan task has specific antivirus settings associated with it, Ivanti Antivirus will use the default settings during scan and definition file update tasks.

About the Ivanti Antivirus Permissions page

Use this page to configure Ivanti Antivirus permissions settings on target devices.

This page contains the following options:

  • Allow user to disable protection components for up to: Specifies the period of time during which the user can turn off the protection components listed on the Protection page.
  • Allow user to update definitions: Allows the user to update antivirus definition files.
  • Allow user to restore objects: Allows the user to restore objects quarantined backed up objects.
  • Allow user to change settings: Allows the user to configure settings and edit tasks.
    • Allow user to schedule scans: Allows the user to specify the date and time to scan.
    • Allow user to exclude objects from scanning: Allows the user to identify file types that will not be included in the scan.
    • Allow users to add Web URLs: Allows the user to specify sites that will be excluded from the scan.
    • Allow users to configure exclusions in Network Attack Blocker: Allows the user to list IP addresses that Ivanti Antivirus will trust. Ivanti Antivirus will not block network attacks from these IP addresses but will still log information about such attacks.

About the Ivanti Antivirus Protection page

Use this page to configure Ivanti Antivirus protection settings on target devices.

This page contains the following options:

  • Start Ivanti Antivirus on computer startup: Enables the automatic start of Ivanti Antivirus after the operating system loads, protecting the computer during the entire session. This option is selected by default. If you disable this option, Ivanti Antivirus will not start until the user starts it manually and the user data may be exposed to threats.
  • Enable Advanced Disinfection Technology: If you select this option, when Ivanti Antivirus detects malicious activity in the operating system, it displays a pop-up message that suggests performing a special advanced disinfection procedure. After the user approves this procedure, Ivanti Antivirus neutralizes the threat. After completing the advanced disinfection procedure, Ivanti Antivirus restarts the computer. The advanced disinfection technology uses considerable computing resources, which may slow down other applications. If you leave this option unselected, which is the default setting, when Ivanti Antivirus detects malicious activity in the operating system, it carries out the disinfection procedure according to the current application settings. No computer restart is performed after Ivanti Antivirus neutralizes the threat.
  • Threats: Specifies the objects for detection.
    • Malware: By default, Ivanti Antivirus scans for viruses, worms, and Trojan programs. On this tab, you can specify whether to scan for malicious tools.
    • Adware, auto-dialers, other programs: Specifies whether to control adware and legitimate applications that may be exploited by intruders to harm the computer or user data. Select Other to protect against objects such as Internet chat clients, downloaders, monitoring programs, and remote administration applications.
    • Compressed files: Specifies whether to scan for packed files that may cause harm and multi-packed objects.
  • Exclusions: Specifies files, folders, or extensions for Ivanti Antivirus to exclude from the scan. Ivanti Antivirus will check the \LDClient and \Shared files folders for .exe files. If those files are signed by Ivanti, Antivirus automatically excludes them from all scans and adds them to the Trusted application list.
    • Realtime: Specifies files, folders, or extensions to exclude from the scan in realtime. Click Add... to open the Add excluded path dialog, where you can specify file type and browse to the objects you want to exclude.
    • Virus Scan: Specifies files, folders, or extensions to exclude from the virus scan. Click Add... to open the Add excluded path dialog, where you can specify file type and browse to the object(s) you want to exclude.
  • Monitored ports: Specifies which ports to monitor.
    • Monitor all network ports: The protection components monitor data streams that are transmitted via any open network ports of the computer.
    • Monitor only selected ports: The protection components monitor only user-specified ports. Whatever is listed in network ports gets included and will be checked on the client. This network port monitoring mode is selected by default. Click Settings to open the Network ports dialog box, where you can create a list of monitored network ports and a list of applications.
      • Network ports list: This list contains network ports that are normally used for transmission of email and network traffic. Select a port for Ivanti Antivirus to monitor network traffic that passes through this network port via any network protocol. Click Add... to enter a new port number and description.
      • Monitor all ports for specified applications: Specifies whether all network ports are monitored for applications that are specified in the Applications list.
      • Applications list: This list contains applications that have network ports which Ivanti Antivirus will monitor. For each application, the list of applications specifies the path to its corresponding executable file. Click Add... to select an application from the database or browse for an application from the file location.

 

About the Ivanti Antivirus Protection: File Antivirus page

Use this page to configure the way File Antivirus works with Ivanti Antivirus on target devices.

This page contains the following options:

  • Enable File antivirus: Starts File Antivirus with Ivanti Antivirus. File Antivirus continuously remains active in computer memory and scans all files that are opened, saved, or started on the computer. By default, File Antivirus is enabled and configured with the recommended settings.
  • Security Level: Specifies one of the three file security levels (High, Recommended, or Low). You can configure a custom file security level by selecting settings on the General, Performance, and Additional tabs.

    High: File Antivirus takes the strictest control of all files that are opened, saved, and started. File Antivirus scans all file types on all hard drives, network drives, and removable storage media of the computer. It also scans archives, installer packages, and embedded OLE objects. This settings is recommended for hostile environments.

    Recommended: File Antivirus scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer. It also scans embedded OLE objects. With the Recommended setting, File Antivirus doesn't scan archives or installer packages.

    Low: Ensures the maximum scanning speed. With this setting, File Antivirus scans only files with specified extensions on all hard drives, network drives, and removable storage media of the computer. File Antivirus won't scan compound files.

  • If you choose to create a custom security level, be sure to consider the working conditions and current situation.

    • General: Specifies whether Antivirus scans by file format, extension, or both.
      • File types: There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high. An intruder may send a virus or another malicious program to your computer in an executable file that has been renamed with the .txt extension. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, File Antivirus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
        • All files: Sets to scan every file, regardless of format or extension.
        • Files scanned by format: Sets to scan files of a certain format (infectable files). Both the file extension, and the format of the file (as stated in the internal header of a file) is analyzed to determine the format of the file to determine if a file will be scanned.
        • Files scanned by extension: Sets to scan files of certain extensions. Files without an extension are treated as .exe files. The extensions that are included in the scan are:
          • Files without an extension
          • .com – executable file of an application no larger than 64 KB
          • .exe – executable file or self-extracting archive
          • .sys – Microsoft Windows system file
          • .prg – dBase, Clipper, or Microsoft Visual FoxPro™ program test, or a WAVmaker program file
          • .bin – binary file
          • .bat – batch file
          • .cmd – command file for Microsoft Windows, or OS/2
          • .dpi – compressed Borland Delphi library
          • .dll – dynamic link library
          • .scr – Microsoft Windows splach screen
          • .cpl – Microsoft Windows control panel module
          • .ocx – Microsoft OLE (Object Linking and Embedding) object
          • .tsp – program running in split-time mode
          • .drv – device driver
          • .vxd – Microsoft Windows virtual device driver
          • .pif – program information file
          • .lnk – Microsoft Windows link file
          • .reg – Microsoft Windows system registry key file
          • .ini – configuration file which contains configuration data for Microsoft Windows, Window NT and some applications
          • .cla – Java class
          • .vbs – Visual Basic® script
          • .vbe – BIOS video extension
          • .js, .jse – JavaScript source text
          • .htm – hypertext document
          • .htt – Microsoft Windows hypertext header
          • .hta – hypertext program for Microsoft Internet Explorer
          • .asp – Active Server Pages script
          • .chm – compiled HTML file
          • .pht – HTML file with integrated PHP scripts
          • .php – script that is integrated with HTML files
          • .wsh – Microsoft Windows Script Host files
          • .wsf – Microsoft Windows Script
          • .the – Microsoft Windows 95 desktop wallpaper file
          • .hlp – Win help file
          • .eml – Microsoft Outlook Express email message
          • .nws – new Microsoft Outlook Express email message
          • .msg – Microsoft Mail email message
          • .phg – email message
          • .mbx – extension for save Microsoft Office Outlook emails
          • .doc* - Microsoft Office Word documents and files
          • .dot* - Microsoft Office Word templates
          • .fpm – database program, Microsoft Visual FoxPro start file
          • .rtf – Rich Text Format document
          • .shs – Windows Shell Script Object Handler fragment
          • .dwg – AutoCAD™ drawing database
          • .msi – Microsoft Windows Installer package
          • .otm – VBA project for Microsoft Office Outlook
          • .pdf – Adobe Acrobat document
          • .swf – Shockwave® Flash package object
          • .jpg, .jpeg – compressed image graphics format
          • .emf – Enhanced Metafile Format File. Next generation of Microsoft Windows OS metafiles.
          • .ico – object icon file
          • .ov? – Microsoft Office Word executable files
          • .xl* - Microsoft Office Excel documents and files
          • .pp* - Microsoft Office PowerPoint® documents and files
          • .md* - Microsoft Office Access® documents and files
          • .sldx – Microsoft PowerPoint 2007 slide
          • .sldm – Microsoft PowerPoint 2007 slide with macro support
          • .thmx – Microsoft Office 2007 theme
      • Protection scope: Specifies which drives to scan, including all removable drives, all hard drives, and/or all network drives.
    • Performance: Specifies the scan methods, whether to only scan new files, and how to handle compound files.
      • Heuristic analysis: This technology detects files that may be infected with an unknown virus by loading the file into virtual space and looking for virus-like behavior. If Antivirus detects malicious code in a file during heuristic analysis, it will mark the file as probably infected.
      • Scan new and changed files only: Enables File Antivirus to scan only new files and files that have been modified since the previous scan.
      • Scan archives: Enables File Antivirus to scan RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives.
      • Scan installation: Enables File Antivirus to scan installation packages.
      • Scan embedded OLE objects: Enables File Antivirus to scan files that are embedded in another file, such as Microsoft® Office Excel® spreadsheets, macros that are embedded in Microsoft® Office Word® files, or email attachments.
      • Additional...: Opens the Compound files dialog box, where you can specify the following options:
        • Extract compound files in the background: Select whether to enable asynchronous scanning of archives and other compound files of a (configurable) minimum size.
        • Do not unpack large compound files: Select whether to exclude compound files of a (configurable) maximum size. This setting does not affect the scanning of files that are extracted from archives.
    • Additional: Specifies the mode and technology File Antivirus will use and when it will pause.
      • Scan mode: The default scan mode is Smart mode, in which File Antivirus scans files by analyzing operations performed with a file by the user, an application, or the operating system. In the On access and modification mode, File Antivirus scans files when the user, an application, or the operating system attempts to open or modify the files. In the On access mode, File Antivirus scans files only when the user, an application, or the operating system attempts to open the files. In the On execution mode, File Antivirus scans files only when the user, an application, or the operating system attempts to run files.
      • Scan technologies: Specifies the scan technologies that File Antivirus uses when scanning files. The iSwift and iChecker technologies are mutually complementary. This speeds up scanning of objects that are from various file systems and operating systems.
        • iSwift: Is applicable only to an NTFS file system. During the first scan an NTFS-identifier is given to each object, and stored in an iSwift database. From then on, the file will be scanned only if the file is changed, as detected by the NTFS-identifier. This applies to any objects regardless of format, size, and type. (If the file is copied or relocated from to an NTFS file system from a non-NTFS source, the file is scanned at that point, and given an NTFS-identifier.)
        • iChecker: During the first scan the check sum information is saved in a special iChecker table. From then on, the file will be scanned only if the check sum has changed. This iChecker technology only works on a limited number of formats, including .exe, .dll, .lnk, .ttf, .inf, .sys, .com, .chm, .zip, and .rar. Size restrictions apply because it is faster to scan the big files, rather than recalculate the check sum.
      • Pause task: Specifies when to pause File Antivirus. The By schedule option allows pausing File Antivirus for a specified time. This feature can decrease the load on the operating system. Click Schedule... to open the Pausing the task window. In this window, you can specify the time interval for which File Antivirus is paused. The At application startup option pauses File Antivirus while the user works with applications that require significant resources from the operating system. This option is not selected by default. Click Select... to open the Applications window, where you can create a list of applications that pause File Antivirus when they are running.

  • Action: Specifies the action that File Antivirus performs if infected files are detected. Before attempting to disinfect or delete an infected file, File Antivirus creates a backup copy for subsequent restoration or disinfection.
    • Select action automatically: Enables File Antivirus to perform the default action that is specified by Ivanti. This action is 'Disinfect. Delete if disinfection fails.'
    • Perform actions: Enables File Antivirus to automatically attempt to remove the virus from the file. If it cannot remove the virus, File Antivirus deletes the file.
      • Disinfect: Enables File Antivirus to automatically attempt to disinfect all infected files that are detected. File Antivirus applies the Delete action to files that are part of the Windows Store application.
      • Delete if disinfection fails: Enables File Antivirus to automatically delete all infected files that it detects.

 

About the Ivanti Antivirus Protection: Mail Antivirus page

Use this page to configure the way Mail Antivirus works with Ivanti Antivirus on target devices.

This page contains the following options:

  • Enable Mail Antivirus: Starts Mail Antivirus with Ivanti Antivirus. Mail Antivirus continuously remains active in computer memory and scans all email messages that are transmitted via the POP3, SMTP, IMAP, MAPI, and NNTP protocols. By default, Mail Antivirus is enabled and configured with the recommended settings.
  • Security Level: Specifies one of the three file security levels (High, Recommended, or Low). You can configure a custom mail security level by selecting settings on the General, Performance, and Additional tabs.

    High: Mail Antivirus scans email messages most thoroughly. Mail Antivirus scans incoming and outgoing messages and performs deep heuristic analysis. The High mail security level is recommended when working in a dangerous environment, such as a connection to a free email service from a home network that is not guarded by centralized email protection.

    Recommended: Provides the optimal balance between the performance of Ivanti Antivirus and email security. Mail Antivirus scans incoming and outgoing email messages, and performs middle-intensity heuristic analysis. This mail traffic security level is recommended by Ivanti. This is the default setting.

    Low: Scans only incoming email messages, performs light heuristic analysis, and doesn't scan archives that are attached to email messages. At this mail security level, Mail Antivirus scans email messages at maximum speed and uses a minimum of operating system resources. The Low mail security level is recommended for use in a well-protected environment, such as a LAN with centralized email security.

    If you choose to create a custom security level, be sure to consider the working conditions and current situation.

    • General:
      • Protection scope: Specifies whether to scan incoming and outgoing messages or incoming messages only.
      • POP3 / SMTP / NNTP / IMAP traffic: Enables Mail Antivirus to scan emails before they are received on the computer. If you clear this option, Mail Antivirus will not scan email messages that are transferred via the POP3, SMTP, NNTP, and IMAP protocols before they arrive on your computer. Instead, Mail Antivirus plug-ins that are embedded into the Microsoft Office Outlook and The Bat! email clients will scan the messages after they arrive on your computer.
      • Additional: Microsoft Office Outlook plug-in: Enables access to the Mail Antivirus settings from Microsoft Office Outlook so you can configure the component to scan email messages for viruses and other malware. A plug-in embedded into Microsoft Office Outlook is enabled to scan email messages transmitted via the POP3, SMTP, NNTP, IMAP and MAPI protocols after they arrive on your computer.
      • Additional: The Bat! plug-in: Enables the plug-in embedded into The Bat! to scan email messages that are transmitted via the POP3, SMTP, NNTP, IMAP, and MAPI protocols after they are received on your computer.
      • Scan attached archives: Enables Mail Antivirus to scan archives that are attached to email messages. You can specify the size of archives to scan and the amount of time allocated for the scanning of archived email attachments.
    • Attachment filter:
      • Disable filtering: Specifies whether Mail Antivirus filters files that are attached to email messages.
      • Rename specified attachment types: Enables Mail Antivirus to replace the last character in attached files of the specified types with the underscore (_) symbol.
      • Delete specified attachment types: Enables Mail Antivirus to delete attached files of the specified types from the email messages. You can specify the types of attached files to delete from emails in the Extension list.
    • Additional: Specifies whether Mail Antivirus will use heuristic analysis during scanning of email. This technology detects files that may be infected with an unknown virus. If Antivirus detects malicious code in a file during heuristic analysis, it will mark the file as probably infected. Move the slider along the horizontal axis to change the detail level for heuristic analysis. The detail level for heuristic analysis sets the balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis. The following levels of detail of heuristic analysis are available:
    • Light scan: Heuristic Analyzer doesn't perform all instructions in executable files while scanning email for malicious code. At this level of detail, the probability of detecting threats is lower than at the Medium scan and Deep scan levels. Email scanning is faster and less resource-intensive.

      Medium scan: When scanning files for malicious code, Heuristic Analyzer performs the number of instructions in executable files that is recommended by Ivanti. The medium scan detail level is selected by default.

      Deep scan: When scanning files for malicious code, Heuristic Analyzer performs more instructions in executable files than at the Light scan and Medium scan levels of heuristic analysis. At this level of detail, the probability of detecting threats is higher than at the Light scan and Medium scan levels. Email scanning consumes more system resources and takes more time.

  • Action:
    • Select action automatically: Enables Mail Antivirus to perform the default action that is specified by Ivanti. This action is to disinfect all infected email messages that are detected and if disinfection fails, to delete them.
    • Perform actions: Mail Antivirus automatically attempts to disinfect all infected email messages that are detected. If disinfection fails, Mail Antivirus deletes them. If this option is selected, Mail Antivirus automatically attempts to disinfect all infected email messages that are detected. If disinfection fails, Mail Antivirus moves them to Quarantine.
      • Disinfect: Mail Antivirus automatically attempts to disinfect all infected email messages that are detected. If disinfection fails, Mail Antivirus moves them to Quarantine.
      • Delete: Mail Antivirus automatically deletes all infected email messages that are detected.

About the Ivanti Antivirus Protection: Web Antivirus page

Use this page to configure the way Web Antivirus works with Ivanti Antivirus on target devices.

This page contains the following options:

  • Enable Web Antivirus: Web Antivirus starts with Ivanti Antivirus and protects information that arrives on the computer via the HTTP and FTP protocols. By default, Web Antivirus is enabled and configured with the recommended settings.
  • Security Level: Specifies one of the three file security levels (High, Recommended, or Low). You can configure a custom web security level by selecting settings on the Scan methods and optimization and Trusted URLs tabs.

    High: Web Antivirus performs maximum scanning of web traffic that the computer receives via the HTTP and FTP protocols. Web Antivirus scans in detail all web traffic objects, with use of the full set of application databases, and performs the deepest possible heuristic analysis. This technology was developed for detecting threats that cannot be detected by using the current version of Ivanti databases. It detects files that may be infected with an unknown virus or a new variety of a known virus. Files in which malicious code is detected during heuristic analysis are marked as probably infected.

    Recommended: Provides the optimal balance between the performance of Ivanti Antivirus and the security of web traffic. Web Antivirus performs heuristic analysis at the Medium scan level. This default web traffic security level is recommended by Ivanti.

    Low: Ensures the fastest scanning of web traffic. Web Antivirus performs heuristic analysis at the Light scan level.

    If you choose to create a custom security level, be sure to consider the working conditions and current situation.


    • Scan methods and optimization:
      • Check if links are listed in the database of suspicious URLs: Specifies whether to scan URLs against the database of malicious web addresses. Checking URLs against the database of malicious web addresses helps to detect websites that are in the black list of web addresses.
      • Check if links are listed in the database of phishing URLs: Specifies whether to scan URLs against the database of phishing web addresses. The database of phishing URLs includes the web addresses of currently known websites that are used to launch phishing attacks.
      • Heuristic analysis for detecting viruses: Specifies whether to use heuristic analysis when scanning web traffic for viruses and other malicious programs. The technology was developed for detecting threats that cannot be detected by using the current version of Ivanti application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus. Files in which malicious code is detected during heuristic analysis are marked as probably infected.
      • Heuristic analysis for phishing links: Specifies whether to heuristic analysis when scanning web pages for phishing links.
      • Limit web traffic caching time: Scans cached fragments of web traffic objects for one second. If the option is cleared, Web Antivirus performs deeper web traffic scanning. Access to web traffic objects may become slower during scanning.
    • Trusted URLs:
      • Do not scan web traffic from trusted URLs: Specifies whether to scan the content of websites whose addresses are included in the list of trusted URLs. Click Add to open the Address mask (URL) window, where you can enter a URL and enable or disable it. If a URL is disabled, Web Antivirus temporarily excludes it from the list of trusted URLs.
  • Action:
    • Select action automatically: Enables Web Antivirus to perform the default action that is specified by Ivanti when it detects an infected object in web traffic. The default action is 'Block download.'
    • Block download: Enables Web Antivirus to block access to an infected object and display a notification about the object.
    • Allow download: Enables Web Antivirus to allow an infected object to be downloaded to your computer.

About the Ivanti Antivirus Protection: IM Antivirus page

Use this page to configure the way IM Antivirus works with Ivanti Antivirus on target devices.

This page contains the following options:

  • Enable IM Antivirus: IM Antivirus starts with Ivanti Antivirus, remains constantly in the computer's RAM, and scans all messages that arrive through Internet messaging clients. IM Antivirus ensures the safe operation of numerous instant messaging applications.
  • Protection scope: Specifies the type of messages that are transmitted by IM clients to be scanned by IM Antivirus.
    • Incoming and outgoing messages: IM Antivirus scans both incoming and outgoing instant messages for malicious objects or URLs that are in databases of malicious and phishing web addresses This is the default setting.
    • Incoming messages only: IM Antivirus scans only incoming instant messages for malicious objects or URLs that are in databases of malicious and phishing web addresses. IM Antivirus doesn't scan outgoing messages.
  • Scan methods: Specifies the methods that IM Antivirus uses when scanning messages that arrive through IM clients.
    • Check if links are listed in the database of suspicious URLs: Specifies whether to scan URLs in IM client messages against the database of malicious URLs.
    • Check if the links are listed in the database of phishing URLs: Specifies whether to scan URLs in IM client messages against the database of phishing URLs.
    • Heuristic analysis: Specifies whether IM Antivirus will use heuristic analysis scanning IM client messages. This technology detects files that may be infected with an unknown virus. If Antivirus detects malicious code in a file during heuristic analysis, it will mark the file as probably infected. Move the slider along the horizontal axis to change the detail level for Heuristic Analysis. The detail level for Heuristic Analysis sets the balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis. The following levels of detail of Heuristic Analysis are available:

      Light Scan: Heuristic Analyzer scans instant messages for threats by using a minimum set of attributes. Scanning is faster and less resource-intensive, with the least number of false positives.

      Medium scan: Heuristic Analyzer scans instant messages for threats by using the number of attributes that ensures the optimum balance between the speed and detail of scanning and avoids a large number of false positives. This level of detail for heuristic analysis is set by default.

      Deep scan: Heuristic Analyzer scans instant messages for threats by using a maximum set of attributes. The scan is performed in detail, requires more operating system resources, and takes more time. False positives are probable.

About the Ivanti Antivirus Protection: Network Attack Blocker page

Use this page to configure the Network Attack Blocker that Ivanti Antivirus uses on target devices to detect and add attacking computers to the list of blocked devices for a specified period of time.

This page contains the following options:

  • Enable Network Attack Blocker: Network Attack Blocker starts with Ivanti Antivirus and scans incoming network traffic for network activity that is characteristic of network attacks. After detecting an attempted network attack, Network Attack Blocker blocks network activity from an attacking computer that targets the user's computer.
  • Add the following computer to the list of blocked computers for (minutes): Specifies the number of minutes that Network Attack Blocker will block network activity from an attacking computer. This block automatically protects the user's computer against possible future network attacks from the same address. The default value is 60 minutes.
  • Configure addresses of exclusions: Specifies IP addresses from which network attacks will not be blocked, although information about such attacks will be logged. Click the Exclusions... button to open the Exclusions window, where you can add IP addresses.

About the Ivanti Antivirus Protection: System Watcher page

Use this page to configure System Watcher, which Ivanti Antivirus uses to monitor application activity on target devices. System Watcher settings only take effect after the next reboot.

This page contains the following options:

  • Enable System Watcher: Enables the functionality specified in the System Watcher settings.
  • Enable Exploit Prevention: Enables Ivanti Antivirus to keep track of executable files launched by vulnerable applications. On detecting that an attempt to run an executable file from a vulnerable application was not initiated by the user, Ivanti Antivirus blocks the launch of this file. Ivanti Antivirus stores information about the blocked launch of the executable file in the Exploit Prevention report.
  • Log application activity for the BSS database: Enables the logging of application activity. This information is used to update the BSS (Behavior Stream Signatures) database. System Watcher logs application activity by default.
  • Do not monitor the activity of applications that have a digital signature: Ivanti Antivirus adds digitally signed applications to the Trusted group and doesn't monitor the activities of applications from this group.
  • Rollback of malware actions: Allows rolling back malware actions in the operating system while disinfection is in progress. This option is selected by default.
  • Proactive Defense: Specifies whether Ivanti Antivirus will analyze the activity of an application and what action it will take if it determines the activity is malicious.
    • Use behavior stream signatures (BSS): Specifies whether to use BSS (Behavior Stream Signatures) technology, which involves analyzing the behavior of applications based on information that is collected about their activities. System Watcher looks for similarities between the actions of an application and the actions of malware. If System Watcher analyzes the activity of an application and determines that it is malicious, System Watcher performs the action that you specified in the On detecting malware activity list.
    • On detecting malware activity: Specifies the action that Ivanti Antivirus performs upon detection of malicious activity.
      • Select action automatically: Ivanti Antivirus performs the default action that is specified by Ivanti. By default, Ivanti Antivirus moves the executable file of a malicious application to Quarantine.

      • Move file to Quarantine:Ivanti Antivirus moves the executable file of a malicious application to Quarantine.

      • Terminate the malicious program: Ivanti Antivirus terminates the application.
      • Skip: Ivanti Antivirus doesn't take any action on the executable file of a malicious application.

About the Ivanti Antivirus: Scheduled Tasks page

Use this page to create a scheduled task that will be performed by the Ivanti Local Scheduler tool. These tasks are separate from the tasks that can be scheduled via the Ivanti Antivirus client on the managed device. Note that task notifications that appear in the client interface refer to the Ivanti Antivirus client's native scheduler, not the core server's Local Scheduler tool.

This page contains the following options:

  • Scheduled tasks: Creates a scheduled task that will be performed by Ivanti Antivirus on the managed device. These tasks are separate from the tasks that can be scheduled via the Ivanti Local Scheduler tool.
    • Update: Specifies when to update virus definitions. Click Change schedule... to open the Schedule periodic virus definition updates window, where you can select the events that will trigger an update, the time of an update, and the filters.
    • Full Scan: Specifies when to do a full scan. Click Change schedule... to open the Schedule periodic antivirus scans window, where you can select the events that will trigger a scan, the time of a scan, and the filters.
    • Critical Areas Scan: Specifies when to scan critical areas only. Click Change schedule... to open the Schedule periodic antivirus scans window, where you can select the events that will trigger a scan, the time of a scan, and the filters.
  • Background scan tasks: Specifies whether to performing the background scan of the system memory, startup objects, and the system partition while the computer is idle to optimize the use of computer resources.
    • Perform idle scan: Starts a scan task for autorun objects, RAM, and the operating system partition when the computer is locked or the screen saver is on for 5 minutes or longer, if one of the following conditions is true:
      • An idle scan of the computer has not occurred since the installation of Ivanti Antivirus.
      • The last idle scan of the computer occurred more than 7 days ago.
      • The last idle scan of the computer was interrupted during an update of the application databases and modules.
      • The last idle scan of the computer was interrupted during an on-demand scan.
  • Scan removable drive on connection: Specifies whether to scan a removable drive when it is connected to the computer.
    • Action on removable drive connection: Allows you to select the action that Ivanti Antivirus will perform when you connect a removable drive to the computer.
      • Do not scan: Ivanti Antivirus doesn't run a scan and doesn't prompt you to select an action to perform when a removable drive is connected. This setting is for use if files were previously scanned and not infected.
      • Full scan: Ivanti Antivirus starts a full scan of the removable drive according to the Full Scan task settings. The scan can be skipped if the option is set to override the scan on a drive larger than that set in the Maximum removable drive size setting.
      • Quick scan: Ivanti Antivirus starts a start a scan of the removable drive according to the Critical Areas Scan task settings. This scan can be skipped if the option is set to override the scan on a drive larger than that set in the Maximum removable drive size setting.
    • Maximum removable drive size (MB): Specifies the size of removable drives on which Ivanti Antivirus performs the action that is selected in the Actions on drive connection list. The default size is 4096 MB.

     

    About the Schedule periodic antivirus scans dialog box

    If you want this antivirus settings to include a recurring antivirus scan, use this dialog box to specify start time, frequency, time restriction, and bandwidth requirement settings. Antivirus scan tasks (and change settings tasks) associated with this settings will use the rules defined here.

    All criteria in this dialog box that you configure must be met before the task will execute. For example, if you configure a schedule that repeats every day between 8 and 9 o'clock with a Machine state of Desktop must be locked, the task will only execute if it's between 8 and 9 o'clock AND the machine is locked.

    This dialog box contains the following options:

    • Run when user logs in: The scan will occur when the user logs into the machine.
    • Run whenever the machine's IP address changes: The scan will occur when the machine's IP address changes.
    • Start: Click this option to display a calendar where you can select the day you want the task to start. Once you pick a day, you can also enter a time of day. These options default to the current date and time.
    • Repeat after: Schedules the scan to recur periodically. Select the number of minutes, hours, and days to control how often the task repeats.
    • Time range: If you want the task to run between certain hours, select the start and end hours. The hours are in 24-hour (military) time format.
    • Weekly between: If you want the task to run between certain days of the week, select the start and end days.
    • Monthly between: If you want the task to run between certain dates of the month, set the start and end dates.
    • Minimum bandwidth: When configuring local scheduler commands, you can specify the minimum bandwidth criteria necessary for the task to execute. The bandwidth test consists of network traffic to the device you specify. When the time comes for the task to execute, each device running the local scheduler task will send a small amount of ICMP network traffic to the device you specify and evaluate the transfer performance. If the test target device isn't available, the task won't execute. You can select these minimum bandwidth options:
      • RAS: The task executes if the device's network connection to the target device is at least RAS or dialup speed, as detected through the networking API. Selecting this option generally means the task will always run if the device has a network connection of any sort.
      • WAN: The task executes if the device's connection to the target device is at least WAN speed. WAN speed is defined as a non-RAS connection that's slower than the LAN threshold.
      • LAN: The task executes when the device's connection to the target device exceeds the LAN speed settings. LAN speed is defined as anything greater than 262,144 bps by default. You can set the LAN threshold in agent configuration (Tools > Configuration > Agent Configuration > Bandwidth Detection page). Changes won't take effect until you deploy the updated configuration to devices.
      • To computer name: Identifies the computer that is used to test the device bandwidth. The test transmission is between a target device and this computer.
    • Machine state: If you want the task execution criteria to include a machine state, select one from the drop-down list.
    • Additional random delay once all other filters pass: If you want an additional random delay, use this option. If you select a random delay that extends beyond the time limits you configured for the task, the task may not run if the random value puts the task outside the configured time limits.
      • Delay up to: Select additional random delay you want.
      • And at least: If you want the task to wait at least a certain number of minutes before executing, select this option. For example, if you're scheduling an inventory scan, you could enter a five here so a computer has time to finish booting before the scan starts, improving the computer's responsiveness for the user.

About the Ivanti Antivirus Scheduled Tasks: Update page

Use this page to configure virus definition (pattern) file updates scheduling, user download options, and access options, for target devices with these antivirus settings. To schedule an update, select Update on the Scheduled Tasks page.

This page contains the following options:

  • Download "pilot" version of virus definition files: Download virus definition files from the pilot folder instead of from the default \LDLogon\Antivirus8\Win\BasesEP on the core server. Virus definitions in the pilot folder can be downloaded by a restricted set of users for the purpose of testing the virus definitions before deploying them to the entire network. When you create an antivirus scan task, you can also select to download the latest virus definitions updates, including those residing in the pilot test folder, then associate an antivirus settings with this option enabled to ensure that the test machines receive the latest known virus definition files. If this option is selected, virus definition files in the default folder ( \LDLogon\Antivirus8\Win\BasesEP) are not downloaded.
  • Download virus definition updates from: Specifies the source site (core server or Kaspersky content server) from which virus definition files are downloaded.
  •  Preferred server/Peer download options: Allows you to configure core server settings if you've selected one of the download source site options that includes the core.
    • Attempt peer download: Prevents virus definition file downloads via peer download (the local cache or a peer in the same multicast domain).
    • Attempt preferred server: Prevents virus definition file downloads via a preferred server. For more information about preferred servers, see About software distribution.
  • Bandwidth used from core or preferred server (WAN): Specifies the bandwidth used. You can move the slider or enter a value in the percentage box.
  • Bandwidth used peer-to-peer (Local): Specifies the bandwidth used. You can move the slider or enter a value in the percentage box.
  • Application update settings: Specifies whether to update application modules, not just pattern files.
    • Update application modules: Enables downloads of application module updates along with antivirus database updates. If selected, Ivanti Mac Antivirus includes application module updates in the update package when the application runs the update task. This option is selected by default.

 

About the Ivanti Antivirus Scheduled Tasks: Full Scan page

Use this page to configure the way Ivanti Antivirus performs full scans on target devices. To schedule a full scan, select Full Scan on the Scheduled Tasks page.

This page contains the following options:

  • Security Level: Specifies one of the three file security levels (High, Recommended, or Low).

    High: If the probability of computer infection is very high, select this file security level. Ivanti Antivirus scans all types of files. When scanning compound files, Ivanti Antivirus also scans mail-format files.

    Recommended: Ivanti Antivirus scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Ivanti Antivirus won't scan archives or installation packages.

    Low: Ensures maximum scanning speed. Ivanti Antivirus scans only new or modified files with the specified extensions on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Ivanti Antivirus won't scan archives, installation packages, or compound files.

    •  Scope: You can expand or restrict the scan scope by adding or removing scan objects or by changing the type of files to be scanned. By default, a full scan includes system memory, startup objects, disk boot sectors, system backup storage, email, hard drives, and removable drives.
      • File types: Specifies whether to scan files by format, extension, or both. There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high. An intruder may send a virus or another malicious program to your computer in an executable file that has been renamed with the .txt extension. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, Ivanti Antivirus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
      • Scan only new and changed files: Enables Ivanti Antivirus to scan only new files and files that have been modified since the previous scan.
      • Skip files that are scanned for longer than: Specifies in seconds the length of time to scan a file before skipping it.
      • Scan archives: Enables Ivanti Antivirus to scan RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives. On a full scan, this option is enabled by default.
      • Scan installation packages: Enables Ivanti Antivirus to scan installation packages. On a full scan, this option is enabled by default.
      • Scan embedded OLE objects: Enables Ivanti Antivirus to scan files that are embedded in another file (such as Microsoft® Office Excel® spreadsheets, macros that are embedded in Microsoft® Office Word® files, or email attachments). On a full scan, this option is enabled by default.
      • Parse email formats: Enables Ivanti Antivirus to parse email formats during the scan.
      • Scan password-protected archives: Enables Ivanti Antivirus to scan RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives that are password-protected.
      • Additional: Click this button to open the Compound files window, where you can specify whether to unpack compound files in the background and set a size limit for compound files.
    •  Additional: Specifies the method and technology Ivanti Antivirus will use during a full scan.
      • Scan methods: Heuristic analysis detects files that may be infected with an unknown virus. If Antivirus detects malicious code in a file during heuristic analysis, it will mark the file as probably infected. Move the slider along the horizontal axis to change the detail level for Heuristic Analysis. The detail level for Heuristic analysis sets the balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis. The following levels of detail of Heuristic analysis are available:
        • Light scan: Heuristic Analyzer doesn't perform all instructions in executable files while scanning. At this level of detail, the probability of detecting threats is lower than at the Medium scan and Deep scan levels. Scanning is faster and less resource-intensive.
        • Medium scan: When scanning, Heuristic Analyzer performs the number of instructions in executable files that is recommended by Ivanti. The medium scan detail level is selected by default.
        • Deep scan: When scanning for malicious code, Heuristic Analyzer performs more instructions in executable files than at the Light scan and Medium scan levels of heuristic analysis. At this level of detail, the probability of detecting threats is higher than at the Light scan and Medium scan levels. Scanning consumes more system resources and takes more time.
      • Scan technologies: Specifies the scan technologies that Ivanti Antivirus uses when scanning files. By default, the iChecker and iSwift technologies are mutually complementary. These technologies optimize the speed of scanning files by excluding files that have not been modified since the most recent scan.
  • Action: Specifies the action that Ivanti Antivirus performs if infected files are detected when scanning. Before attempting to disinfect or delete an infected file, Ivanti Antivirus creates a backup copy for subsequent restoration or disinfection.
    • Select action automatically: Ivanti Antivirus performs the default action that is specified by Ivanti. This action is 'Disinfect. Delete if disinfection fails.' This action is selected by default.
    • Perform actions: Ivanti Antivirus automatically attempts to disinfect all infected files that are detected. If disinfection fails, Ivanti Antivirus deletes those files.
      • Disinfect: Ivanti Antivirus automatically attempts to disinfect all infected files that are detected. Ivanti Antivirus applies the 'Delete' action to files that are part of the Windows Store application.
      • Delete if disinfection fails: Ivanti Antivirus automatically deletes all infected files that it detects.

 

About the Ivanti Antivirus Scheduled Tasks: Critical Areas Scan page

Use this page to configure the way Ivanti Antivirus performs critical areas scans on target devices. To schedule a critical areas scan, select Critical Areas Scan on the Scheduled Tasks page.

This page contains the following options:

  • Security Level: Specifies one of the three file security levels (High, Recommended, or Low).

    High: If the probability of computer infection is very high, select this file security level. Ivanti Antivirus scans all types of files. When scanning compound files, Ivanti Antivirus also scans mail-format files.

    Recommended: Ivanti Antivirus scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Ivanti Antivirus won't scan archives or installation packages.

    Low: Ensures maximum scanning speed. Ivanti Antivirus scans only new or modified files with the specified extensions on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Ivanti Antivirus won't scan archives, installation packages, or compound files.

    •  Scope: You can expand or restrict the scan scope by adding or removing scan objects or by changing the type of files to be scanned. By default, a critical areas scan includes only system memory, startup objects, and disk boot sectors.
      • File types: Specifies whether to scan files by format, extension, or both. There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high. An intruder may send a virus or another malicious program to your computer in an executable file that has been renamed with the .txt extension. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, Ivanti Antivirus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
      • Scan only new and changed files: Enables Ivanti Antivirus to scan only new files and files that have been modified since the previous scan.
      • Skip files that are scanned for longer than: Specifies in seconds the length of time to scan a file before skipping it.
      • Scan archives: Enables Ivanti Antivirus to scan RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives. On a critical areas scan, this option is disabled by default.
      • Scan installation packages: Enables Ivanti Antivirus to scan installation packages. On a critical areas scan, this option is disabled by default.
      • Scan embedded OLE objects: Enables Ivanti Antivirus to scan files that are embedded in another file (such as Microsoft® Office Excel® spreadsheets, macros that are embedded in Microsoft® Office Word® files, or email attachments). On a critical areas scan, this option is enabled by default.
      • Parse email formats: Enables Ivanti Antivirus to parse email formats during the scan. On a critical areas scan, this option is enabled by default.
      • Scan password-protected archives: Enables Ivanti Antivirus to scan RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives that are password-protected.
      • Additional: Click this button to open the Compound files window, where you can specify whether to unpack compound files in the background and set a size limit for compound files.
    •  Additional: Specifies the method and technology Ivanti Antivirus will use during a critical areas scan.
      • Scan methods: Heuristic analysis detects files that may be infected with an unknown virus. If Antivirus detects malicious code in a file during heuristic analysis, it will mark the file as probably infected. Move the slider along the horizontal axis to change the detail level for Heuristic Analysis. The detail level for Heuristic analysis sets the balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis. The following levels of detail of Heuristic analysis are available:
        • Light scan: Heuristic Analyzer doesn't perform all instructions in executable files while scanning. At this level of detail, the probability of detecting threats is lower than at the Medium scan and Deep scan levels. Scanning is faster and less resource-intensive.
        • Medium scan: When scanning, Heuristic Analyzer performs the number of instructions in executable files that is recommended by Ivanti.
        • Deep scan: When scanning for malicious code, Heuristic Analyzer performs more instructions in executable files than at the Light scan and Medium scan levels of heuristic analysis. At this level of detail, the probability of detecting threats is higher than at the Light scan and Medium scan levels. Scanning consumes more system resources and takes more time. For a critical areas scan, this is the default heuristic analysis level.
      • Scan technologies: Specifies the scan technologies that Ivanti Antivirus uses when scanning files. By default, the iChecker and iSwift technologies are mutually complementary. These technologies optimize the speed of scanning files by excluding files that have not been modified since the most recent scan.
  • Action: Specifies the action that Ivanti Antivirus performs if infected files are detected when scanning. Before attempting to disinfect or delete an infected file, Ivanti Antivirus creates a backup copy for subsequent restoration or disinfection.
    • Select action automatically: Ivanti Antivirus performs the default action that is specified by Ivanti. This action is 'Disinfect. Delete if disinfection fails.' This action is selected by default.
    • Perform actions: Ivanti Antivirus automatically attempts to disinfect all infected files that are detected. If disinfection fails, Ivanti Antivirus deletes those files.
      • Disinfect: Ivanti Antivirus automatically attempts to disinfect all infected files that are detected. Ivanti Antivirus applies the 'Delete' action to files that are part of the Windows Store application.
      • Delete if disinfection fails: Ivanti Antivirus automatically deletes all infected files that it detects.

 

About the Ivanti Antivirus Scheduled Tasks: Custom Scan page

Use this page to configure custom scans on target devices.

This page contains the following options:

  • Security Level: Specifies one of the three file security levels (High, Recommended, or Low).

    High: If the probability of computer infection is very high, select this file security level. Ivanti Antivirus scans all types of files. When scanning compound files, Ivanti Antivirus also scans mail-format files.

    Recommended: Ivanti Antivirus scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Ivanti Antivirus won't scan archives or installation packages.

    Low: Ensures maximum scanning speed. Ivanti Antivirus scans only new or modified files with the specified extensions on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Ivanti Antivirus won't scan archives, installation packages, or compound files.

    •  Scope: You can expand or restrict the scan scope by adding or removing scan objects or by changing the type of files to be scanned.
      • File types: Specifies whether to scan files by format, extension, or both. There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high. An intruder may send a virus or another malicious program to your computer in an executable file that has been renamed with the .txt extension. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, Ivanti Antivirus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
      • Scan only new and changed files: Enables Ivanti Antivirus to scan only new files and files that have been modified since the previous scan.
      • Skip files that are scanned for longer than: Specifies in seconds the length of time to scan a file before skipping it.
      • Scan archives: Enables Ivanti Antivirus to scan RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives.
      • Scan installation packages: Enables Ivanti Antivirus to scan installation packages.
      • Scan embedded OLE objects: Enables Ivanti Antivirus to scan files that are embedded in another file (such as Microsoft® Office Excel® spreadsheets, macros that are embedded in Microsoft® Office Word® files, or email attachments).
      • Parse email formats: Enables Ivanti Antivirus to parse email formats during the scan.
      • Scan password-protected archives: Enables Ivanti Antivirus to scan RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives that are password-protected.
      • Additional: Click this button to open the Compound files window, where you can specify whether to unpack compound files in the background and set a size limit for compound files.
    •  Additional: Specifies the method and technology Ivanti Antivirus will use during a custom scan.
      • Scan methods: Heuristic analysis detects files that may be infected with an unknown virus. If Antivirus detects malicious code in a file during heuristic analysis, it will mark the file as probably infected. Move the slider along the horizontal axis to change the detail level for Heuristic Analysis. The detail level for Heuristic analysis sets the balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis. The following levels of detail of Heuristic analysis are available:
        • Light scan: Heuristic Analyzer doesn't perform all instructions in executable files while scanning. At this level of detail, the probability of detecting threats is lower than at the Medium scan and Deep scan levels. Scanning is faster and less resource-intensive.
        • Medium scan: When scanning, Heuristic Analyzer performs the number of instructions in executable files that is recommended by Ivanti. The medium scan detail level is selected by default.
        • Deep scan: When scanning for malicious code, Heuristic Analyzer performs more instructions in executable files than at the Light scan and Medium scan levels of heuristic analysis. At this level of detail, the probability of detecting threats is higher than at the Light scan and Medium scan levels. Scanning consumes more system resources and takes more time.
      • Scan technologies: Specifies the scan technologies that Ivanti Antivirus uses when scanning files. By default, the iChecker and iSwift technologies are mutually complementary. These technologies optimize the speed of scanning files by excluding files that have not been modified since the most recent scan.
  • Action: Specifies the action that Ivanti Antivirus performs if infected files are detected when scanning. Before attempting to disinfect or delete an infected file, Ivanti Antivirus creates a backup copy for subsequent restoration or disinfection.
    • Select action automatically: Ivanti Antivirus performs the default action that is specified by Ivanti. This action is 'Disinfect. Delete if disinfection fails.' This action is selected by default.
    • Perform actions: Ivanti Antivirus automatically attempts to disinfect all infected files that are detected. If disinfection fails, Ivanti Antivirus deletes those files.
      • Disinfect: Ivanti Antivirus automatically attempts to disinfect all infected files that are detected. Ivanti Antivirus applies the 'Delete' action to files that are part of the Windows Store application.
      • Delete if disinfection fails: Ivanti Antivirus automatically deletes all infected files that it detects.

 

About the Ivanti Antivirus: Advanced settings page

Use this page to configure Ivanti Antivirus Advanced settings on target devices.

This page contains the following options:

  • Enable Self-Defense: Prevents alteration or deletion of application files on the hard drive, memory processes, and entries in the system registry.
  • Disable external management of the system service: Blocks any attempts to remotely manage Ivanti Antivirus. If an attempt is made to manage application services remotely, a notification is displayed in the Microsoft Windows taskbar, above the application icon (unless the notification service is disabled by the user).
  • Send dump and trace files to Ivanti for analysis: Sends dump and trace files to Ivanti, where the cause of the crashes will be examined. If you select this option, the Uploading support information to server window will open when Ivanti Antivirus restarts after a crash. In this window, you can select dump and trace files from the list and send them to Ivanti for examination.
  • Operating mode: Allows you to configure optimum energy and computer resource consumption in the operation of Ivanti Antivirus.
    • Do not start scheduled tasks while running on battery power: Computer scan tasks and database update tasks tend to consume considerable resources and take a long time to finish. This option enables energy conservation mode when a portable computer is running on battery power, which postpones scan and update tasks. The user can start scan and update tasks manually, if necessary.
    • Concede resources to other applications: When Ivanti Antivirus runs scheduled tasks, this may result in increased workload on the CPU and disk subsystems, which slows down the performance of other applications. This option suspends scheduled tasks when it detects an increased load on the CPU and frees up operating system resources for user applications.

About the Ivanti Antivirus Advanced settings: Reports and Storages page

Use this page to configure Ivanti Antivirus Advanced Reports and Storages settings on target devices.

This page contains the following options:

  • Reports parameters: Specifies the length of time to store a report and the maximum size of a report.
    • Store reports no longer than (days): Specifies the maximum report storage term in number of days. The default maximum storage term for reports is 30 days. After that period of time, Ivanti Antivirus automatically deletes the oldest entries from the report file.
    • Maximum file size (MB): Specifies the maximum report file size in megabytes. By default, the maximum file size is 1024 MB. To avoid exceeding the maximum report file size, Ivanti Antivirus automatically deletes the oldest entries from the report file when the maximum report file size is reached.
  • Local quarantine and backup settings: Allows you to configure quarantine and backup settings. The data storage comprises a quarantine catalog and a storage for backup copies of files.
    • Rescan quarantine after update: Enables automatic scanning of quarantined files after each update of the databases and application software modules of Ivanti Antivirus. If you select this option, Ivanti Antivirus starts a scan of quarantined files after every update of databases and application software modules.
    • Store objects no longer than: Specifies the maximum storage term for files in quarantine and copies of files in backup. The maximum file storage term is measured in days. The default maximum storage term for files is 30 days. After expiration of the maximum storage term, Ivanti Antivirus deletes the oldest files from Quarantine and Backup.
    • Maximum storage size: Specifies the maximum data storage size in megabytes. By default, the maximum size is 100 MB. To not exceed the maximum data storage size, Ivanti Antivirus automatically deletes the oldest files when the data storage reaches its maximum size.

About the Ivanti Antivirus Advanced settings: Interface page

Use this page to configure the Advanced Interface settings that Ivanti Antivirus will use on target devices.

This page contains the following options:

  • Show "Protected by Kaspersky Lab" on Microsoft Windows logon screen: Enables the "Protected by Kaspersky Lab" message on the Microsoft Windows logon screen. This option is selected by default. If the application is installed on a computer that runs Microsoft Windows 7 and newer, this option is unavailable.
  • Use icon animation while running tasks: Enables the animation of the application icon in the taskbar notification area of Microsoft Windows when tasks are running. This option is selected by default.

About the Ivanti Antivirus Advanced settings: Import Kaspersky settings page

Use this page to configure how Ivanti Antivirus will import Kaspersky settings on target devices.

This page contains the following options:

  • Import settings file from a Kaspersky antivirus client: Lets you import settings from a client machine. To import the settings, specify Kaspersky settings on a client and save the settings as a .CFG file. From the console, browse to the .CFG file. The options listed in the .CFG file will be set first and then any Ivanti Antivirus settings will be set. Note that Ivanti Antivirus will not look for a new .CFG update and auto-update it. You must manually update the .CFG file if you want to import different settings.
  • Current configuration imported from: The Browse button [...] opens the Select a previously saved Kaspersky configuration file window. Browse to the \ldlogon folder, click the .CFG file, then click Open.
  • Clear password after import: Enables users to change Kaspersky settings without the settings file password.
  • On date: The current date of the import.
  • Notes: Any notes about the .CFG file.

 

 

 


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other