Configuring General Settings for a Shavlik Protect Agent Policy

There are a number of general settings to configure for a Shavlik Protect Agent policy. You must configure these settings before installing the agents on the desired target machines.

 

See an icon in the notification area

The agents can be configured to run invisibly on each target machine, or you can elect to install an icon in the notification area of each machine that provides the users of the machines a certain amount of control over the service.

  • If you want to allow users to control certain aspects of the Shavlik Protect Agent service, enable this option. Users will be able to launch the client-based program by double-clicking the icon.

  • If you do not enable this option, the icon will not appear in the notification area and the agent interface will not run unless it is launched by the user. When the agent interface is run the user will have no control other than to watch what is happening. No Active Protection prompts will be displayed even if they are enabled in the policy.

Note: The notification area icon will not be visible on the target machine for any currently logged on user until the next time the user logs on, or if the user starts the Shavlik Protect Agent program using the Windows Start menu.

Perform manual operations

Enables a user on a target machine to manually initiate an operation such as a patch or threat scan.

Cancel operations

Enables a user on a target machine to stop an operation that is in progress.

Manage quarantine

Enables a user to delete or restore items contained in the quarantine directory. The quarantine directory is used to temporarily store files suspected of containing threats (spyware, viruses, etc.).

Temporarily suspend Active Protection

Enables a user on a target machine to temporarily suspend Active Protection for 5, 15, 30, or 60 minutes.

Disable Active Protection

Enables a user on a target machine to permanently disable the Active Protection service. If a user permanently disables Active Protection the service will remain running but no Active Protection tasks will be performed.

If this check box is not enabled, the user will still have the option to temporarily suspend Active Protection for 5, 15, 30, or 60 minutes.

Turn off notification when Active Protection blocks known risks

Enables a user on a target machine to turn off the notification messages that are issued whenever the Active Protection process detects a known bad risk and places a file into quarantine.

Logging Level

Specify the amount of logging you want the agent to perform. The options are:

  • Basic: Records Error, Informational, and Warning message types in the log. This is the default value.

  • All: Records Error, Informational, Warning, and Verbose message types in the log. Logging all message types is typically only necessary when performing troubleshooting tasks.

The log files will reside on each agent machine in the following location:

  • On Windows Vista and other newer operating systems the files are stored in the C:\ProgramData\LANDesk\Shavlik Protect\Logs directory.

  • On earlier Windows operating systems like Windows XP the files are in the C:\Documents and Settings\All Users\Application Data\LANDesk\Shavlik Protect\Logs directory.

Maximum log size

Specify the maximum log size. Specifying a very large log size will enable you to record a longer log history but it will of course require more system resources. The default value is 5 MB.

If the log file becomes full a new log file is opened and logging will continue. If the second log file becomes full, the first log file is deleted and a new log file will be created. This means there will always be a maximum of two log files on the console.

Check-In Interval

Specifies how often the agents will check in (synchronize) with the console. At each check-in the agent refreshes its license and looks for any policy changes. It also checks if it is assigned a distribution server. If it is assigned a distribution server it will use it to download the latest scan engines and XML data files. If it is not assigned to a distribution server then the agent downloads the engines and data files from the Web. If an agent machine is offline when the next check-in interval occurs, the agent will immediately check in when network connectivity is restored.

Note: Agent licenses must be refreshed at least once every 45 days or they will expire.

  • Minutes: Use this option if you want the agents to check in more than once a day, or if you don't care what time of day the agents will check in with the console and with the distribution server. Valid values are from 1 - 600 minutes.

  • Days: Use this option to specify the number of days between check-ins. You can also use this option to specify a specific time of day for the check-in (for example, late at night when there is more network bandwidth available).

  • Distribute check-ins over MM minutes: Staggers the exact time the agents will check-in so as not to overtax the console (and the default Web site or the optional distribution server) with simultaneous requests.

Engine and Data Download Location

Specifies if a distribution server will be used by the agents when downloading the latest scan engines and XML data files. The agents will look for updated files every time they perform a scan. The available options are:

  • Vendor over Internet: Specifies that the agents will download the latest scan engines and XML data files from the default Web sites. A distribution server will not be used.

  • Distribution Server: Specifies that a distribution server will be used. You must specify which server(s) to use.

Note: If the agents are being used to deploy custom patches then you must specify the use of a distribution server. This is because there is no download URL for custom patches, meaning the agents cannot pull the custom patches from a vendor and must therefore be able to pull them from one or more distribution servers.

Also Note: If you will be configuring an agent policy that contains a threat task it is strongly recommended that you use a distribution server. The threat definition file is rather large and using a distribution server to store the file will greatly improve the download performance for your agents.

  • Specific: You can select the name of an existing distribution server. You must have previously configured one or more distribution servers in order for the names to be pre-populated in this box. For more information see Configuring Distribution Servers.

  • By Agent IP range: If you have multiple distribution servers defined for your network, each distribution server is typically assigned to service a particular IP address range. The distribution server used when downloading files to a target machine will be determined by the target machine's IP address. See Assigning IP Addresses to Servers for more details.

  • Use vendor as backup source: If the designated distribution server is not available, the agent will download the latest scan engines and XML data files from the default Web sites.

Network

 

  • Sync with the Protect Cloud: Specifies that the agent will have the option to use Protect Cloud to retrieve the latest agent policy information, enabling it to perform synchronization via the cloud. This check box is only available if your console is registered with Protect Cloud. When you click Save and update Agents, a copy of the agent policy and all necessary components will be written to the Protect Cloud service.

  • Agent listens for updates on port: Specifies that the agent will listen to the console for policy updates. If an agent's policy is updated, or if it is assigned a different policy, the console will issue a "check in now" command to the agent. The agent will immediately download the new or updated policy from the console. Only agent machines that are online and able to communicate with the console will be able to receive the command.

  • Port: Specifies the port used by the agent on the target machine when communicating with the Shavlik Protect console. The default value is 4155.

  • Internet proxy credentials: If the agent machines must authenticate themselves to a proxy server when accessing the Internet, you must provide the proper credentials to the agents. Select the credential (the domain\username and password pair) used to authenticate the agent to the proxy server. To define a new credential click New.

Note: Only shared credentials are contained in this list. If the credential you are looking for is not listed it probably means it is not defined as a shared credential. See Defining Credentials for information on how to share a credential.

Save and update Agents

Saves all changes to the policy file and stores it on the console. Also updates any agent machines that are currently assigned this policy as follows:

  • If an agent machine is online and configured to listen for policy updates, the updated policy will be pushed out to that machine immediately.

  • If an agent machine is online but is not configured to listen for policy updates, the updated policy will be pushed out the next time the agent checks in with the console.

  • If an agent machine is not currently online, the updated policy will be pushed out the next time the agent checks in with the console.

The Agent Policy Editor will be closed.

Cancel

Indicates you want to exit the Agent Policy Editor without saving your most recent changes. A "Do you want to save your changes?" prompt will appear that gives you a second chance to save your changes. If you click Yes the policy will be saved and the associated agents updated (the same as Save and Update Agents).  If you click No the Agent Policy Editor will be closed without saving your changes.