Channel: LANDESK User Community : Document List - All Communities

Antivirus False Positives - What they are, and what to do.

False Positives

 

Antivirus pattern file content may contain a virus signature that incorrectly detects malware in a file that does not actually contain malware. This is known as a false positive.

 

If a false positive causes downtime by disrupting an application or the operating system, take the following steps to update the pattern files to known good content.

 

Download the latest Antivirus pattern files to the core server or restore an older version of pattern files on the core server.

 

1. In the Security and Patch Manager tool, click the "Download Updates" icon.

4-16-2009 8-09-56 PM.jpg

2. Select the LANDesk Antivirus tab.

 

3. Chances are the issue has been resolved with an update to the pattern files, so try the latest version of the pattern files first. You can get the latest version by clicking "Get latest definitions". If the issue has not yet been fixed, you can restore an older version of the antivirus pattern files by selecting an older set of pattern files under "History" and then clicking "Restore".

 

fpav.png

 

Once pattern files that do not contain the content causing the false positive (either newer or older ones) are set as the active "approved for distribution" pattern files, the clients must be updated. See the following steps.

 

Updating the pattern files on the clients

 

After the pattern files are updated or restored on the core server, a pattern file update and full system scan should be run on the affected clients.

 

1. In the Security and Patch Manager window click on the "Create a task" icon.

4-20-2009 9-10-34 AM.png

2. Select "LANDesk Antivirus scan"

3. Create a Scheduled Task to update the virus pattern files and then run a full system scan as pictured below:

 

4-20-2009 9-11-50 AM.png

4. This will create a Scheduled Task and will open up the Scheduled Tasks window.

5. Drag the desired clients onto the task.

6. Right-click the task and select "Start now".

 

Using the Pilot feature to minimize the impact of False Positives

 

Using the Pilot feature for the Antivirus pattern files can minimize the impact of a False Positive issue.

 

The tradeoff of using the Pilot feature is a further delay in getting the latest definitions out to your broader base of clients.

 

The following explains the Pilot feature and how to set it up in your environment:

 

4-20-2009 9-46-26 AM.png

Screenshot taken from the Download Updates, LANDesk Antivirus tab.

 

When downloading Virus definitions, you have the option to place downloaded definitions into a Pilot test state and then release them to the general populace of clients after a set period.  This allows you to assign certain computers (possibly the IT group?) to download Pilot test definitions first, and then after a period of 1 day those definitions are released to the remainder of computers in the environment.

 

The current definitions in pilot will be listed in the section "Virus definitions currently in pilot testing", and those that are approved for general distribution are listed in the section "Virus definitions approved for distribution".

 

In order to set specific computers to use the Pilot test definitions, you need to create a new Antivirus Setting and apply that setting to the Pilot group.

 

1. To create a new Antivirus Setting, click the dropdown by the "Configure Settings" icon in Security and Patch Manager and then select "LANDesk Antivirus Settings"

 

4-16-2009 8-50-43 PM.jpg

2. Either edit an existing setting, or create a new setting (Select an existing setting and click "Edit" or click "New")

 

3. Go to the "Virus definition updates" section and check the box marked "Download 'pilot' version of virus definition files"

4-20-2009 9-55-21 AM.png

4. Go through the other sections and make your desired selections.

 

At this point you can either choose the Antivirus Settings when you are pushing out your agent, or you can push the updated settings to your clients using a "Change Settings" task

 

To create a "Change Settings" task to change Antivirus Settings:

 

1. Click "Create a Task" in Security and Patch Manager and select "Change Settings".

 

4-20-2009 10-00-07 AM.png

 

2. Choose "Scheduled Task" or "Create a policy" and then select the Antivirus Settings that contain the "Download pilot version of definition files" option and click [OK].

4-20-2009 10-01-01 AM.png

3. This will create a Scheduled Task with the name you specified for the Change Settings task.

4. You can now drag the target computers to this task and start it at the desired time.

