Update virus definition files

Antivirus lets you download the most current virus definition files from the Ivanti® Endpoint Security for Endpoint Manager content servers. The virus signature database is updated several times a day in order to ensure you have all of the latest known virus definitions so that you can protect your managed devices from these rapidly evolving threats.

You can download virus definition file updates from the console, either immediately as a one-time task or as a regularly scheduled task.

Using Download Updates for virus definition files

Use Download updates (Security Configurations > Download Updates) to specify where definition files are copied. They can be stored in the default virus definition file repository where they are deployed to target devices, or in a pilot test folder, where they can be deployed to a limited scope of devices in order to test them before full deployment.

You can also access this dialog box directly when creating an Antivirus task.

NOTE: Deploying virus definition files to end user devices
The virus definition updates that you download can be deployed to end user devices remotely from the core server. From their own computer, users can also perform the task of updating virus definition files. By default they download files from their Ivanti core server. However, if they need to be able to download the latest virus definition updates while they're not connected to the network (for example, while traveling or using a laptop), you can provide the option of letting users download files directly from the Ivanti® Endpoint Security for Endpoint Manager content server via an Internet connection.

To download virus definition file updates
  1. Click Tools > Security and Compliance > Agent settings.
  2. Click the Download updates toolbar button. The dialog box opens to the Antivirus page. (You can also access the Download updates dialog box from the Patch and Compliance tool.)
  3. At the Updates page, select the update source site from the list of available content servers. Choose the one closest to your location.
  4. At the Updates page, select Antivirus Updates in the Definition types list. (You can select more than one definition type for a single download. However, you must have the corresponding Ivanti® Endpoint Security for Endpoint Manager content subscription. The more types you select, the longer the update will take.)
  5. At the Updates page, select the languages whose content you want to update for the types you've specified.
  6. If you want new content (content that does not already reside in any groups in the tree) to automatically be placed in the Unassigned group instead of the default location, which is the Scan group, select the Put new definitions in the Unassigned group check box.
  7. Now click Ivanti Antivirus to view the current status of virus definition files and to configure specific virus definition file updates settings.
  8. If you want virus definition files to be downloaded to the default repository on the core server (\LDLogon\Antivirus\Bases) where they can be deployed to target devices, click Immediately approve. However, if you want to first evaluate virus definition files, before deploying them to your managed devices, click Restrict definitions to a pilot test first. (You can also set an automatic approval time period, and minimum test period, to avoid having to do this manually after the test). If you choose to do a pilot test first, virus definition files are downloaded to a pilot test folder so that they are deployed to only those devices whose antivirus settings says to download the "pilot" version of definition files.
  9. If you want a pop-up message to display on the core server console when virus definition files have not been updated in the past seven days, click Show reminder dialog if definitions are out of date.
  10. If you want to download the latest definition files right now, click Get latest definitions. The Updating Definitions dialog box displays the current operation and status.
  11. If you want to approve virus definitions currently residing in the pilot test folder, click Approve now. This moves definition files from the pilot test folder to the default folder (\LDLogon\Antivirus\Bases).
  12. If you want to save a backup copy of the virus definition files currently residing in the Bases folder, select the Make backups option. You can restore definition file backups at any time. Backups are useful if you want to revert to an earlier virus definition file version. (Virus definition file backups are saved in separate folders named by the date and time they were created, under \LDLogon\Antivirus\Backups\)
  13. Click Download Now to download your selected security content updates. The Updating Definitions dialog displays the current operation and status. Or you can click the Schedule download button to create a scheduled task (see below).
  14. When the update has completed, click Close. Note that if you click Cancel before the update is finished, only the security content that has been processed to that point is downloaded to the core database. You would need to run the update again in order to obtain all of the remaining security content.

IMPORTANT: Whenever virus definition files are updated on managed devices, a mini-scan of memory processes runs on the device. This scan is performed to ensure that the processes running in memory at the time of the update are still clean.

Scheduling automatic virus definition file updates

You can also configure virus definition file updates as scheduled tasks to occur at a set time in the future, or as a recurring task.

To do this, configure security content download options in the Update downloads dialog box, making sure to select Ivanti Antivirus updates in the definition type list on the Updates tab, configure virus definition file options on the Ivanti Antivirus tab, and then click the Schedule Update button. The Scheduled update information dialog box shows task-specific settings for the task. Enter a name for the task, and then click OK to create a Download Security Content task in the Scheduled Tasks tool, where you can specify the scheduling options.

NOTE: Task-specific settings and global settings
Note that only the definition types, languages, and definition and patch download settings are saved and associated with a specific task when you create it. Those three settings are considered task specific. However, all of the settings on the other pages of the Download updates dialog box are global, meaning they apply to all subsequent security content download tasks. Global settings include: patch download location, proxy server, spyware autofix, security alerts, and antivirus. Any time you change a global settings it is effective for all security content download tasks from that point on.