Greetings, fellow Landesk admins!
My employer has Landesk 8.8 SP3 and we have started to enforce regular spyware scans. I would like to share my settings and user feedback to solicit comments/advice from my Landesk admin peers in this forum.
The Landesk population in my company is largely composed of laptops which frequently move in and out of my internal network. So, policy-based tasks and ldbroker configuration have been utilized. I have created a specific scan and repair setting for spyware type and enabled autofix. A security scan is created using this spyware scan-repair with a push-policy deployment method (with required and periodic settings). I've allowed a generous amount of snoozes to allow users to delay the scan towards the end of the day. Reboots can also be snoozed for a few more hours. Missed snooze requests are automatically snoozed. At the end of the snooze limit, scans/reboots automatically execute.
I have also updated my Landesk clients to the latest service pack as well as the latest hotfix/patch for spyware scanner version (as well as some beta patches to address scanning failures).
Here is some of the user feedback that I've collected as a result of the recently enforced spyware scanning.
- computing performance degradation - spyware scanning appears to target the entire filesystem during which time the disk utilization is very high despite low processor usage. When users choose to run the scan while working on other tasks, they become unhappy with the slow response.
- snooze is good but could be better - the snoozes can delay the task to temporarily get it out of the way of the busy user. However, my users would like the additional flexibility to snooze it for a max of X hours, i.e., schedule it to run on their own schedule, as well as being able to recall the task in case they change their mind. I am tempted to write and deploy an HTA script that creates the task and inserts it into the Landesk scheduler as well as creates a shortcut to run the scheduled item.
- policy-based tasks can get messy - The core status for the device and the device's local client database sometimes get out of sync. When I remove devices from a policy-based task (to remove devices that have reported spyware scanner failures), the same devices can re-enroll themselves back into the task. The alternative is a pure push task but my external Landesk clients will not receive the task to process it so the net effect is lower. I've written the usual fix, i.e., clientdb deletion/recreation/validation, deletion of xml files, and running policy sync and invoker, into a VBScript so that my helpdesk can execute the troubleshooting steps precisely and swiftly.
Do you run regular spyware scans? How have you configured your spyware scan such that user acceptance is better than my description?
Thank you in advance for the comments and advice.