Monday, November 14, 2011

(T3): Deploying Managed Anti-Virus

Deploying Managed Anti-Virus

Updated by David Ianetta

MSP RMM’s Managed Antivirus feature allows Managed Service Providers (MSPs) to make an antivirus security solution available to clients without an annual renewal contract. All management of the application, from deployment to threat remediation, is completed within the MSP RMM dashboard console.

What to know before deploying Managed Antivirus

If one of the supported antivirus software packages is discovered during installation, Managed Antivirus installation will first remove the competitive product if the policy is set as shown here.

The installer will be downloaded, either to the local machine or to the Site Concentrator if one exists.  For a list of supported antivirus packages, search your Help Contents from your dashboard.  Click this link to go directly, remembering to enter your dashboard credentials if prompted.
If an un-supported antivirus package exists on the machine, it must be fully removed prior to deploying MAV to assure no conflicts result.  Refer to our KB article for more information.
MAV can be enabled, configured, and removed at any time
By using the Dashboard Policy Settings, MAV is deployed to any client, site, and/or agent in your dashboard.  For fastest deployment, the policy setting can be enabled before an agent is even installed.  You can change the Protection Policy at any time on a MAV-protected agent as well.

During install MAV will immediately communicate to the dashboard
To complete the deployment of MAV, a reboot of the computer is required.  This is indicated by a blue dot in the Reboot column of your dashboard, and notice of reboot required is sent immediately after the installer finishes. It does not wait for the 24x7 Check scheduled time.

MAV installer and definition updates are downloaded to a Site Concentrator
If present or necessary, all components of MAV are downloaded to a central Site Concentrator.  A Site Concentrator is a Server Agent present in the same site as the MAV agent(s) and is configured in the Edit Site dialogue box of the Dashboard.  This Server Agent doesn’t have to have MAV installed itself – nor any other RemoteManagement feature for that matter!

The Site Concentrator will help save bandwidth over individual downloads to each agent.

Deployment Steps

Deployment of Managed Antivirus should be thoughtfully planned as with any software deployment.  The most important portion of that plan is allowing for possible multiple reboots of machines that don’t disturb the end users.  Once the primary deployment time is set, the following simple steps can be followed.  The first three steps in your deployment strategy can be in different order depending on the deployment scenario.  If rapid deployment isn’t necessary, or if a client doesn’t purchase MAV at the same time as they become a Managed Service client, step two can be done before step one.  If an existing antivirus package is not supported by MSP RMM, then step three must be done first.  If no previous antivirus package exists, obviously step three can be skipped.
  1. Enable MAV in Dashboard Policy
  2. Enable MAV using Settings - Managed Antivirus - Settings and apply at the Agent, Client, or Site level.  If individual agents need to have different settings, you can override the Dashboard Policy by editing the machine directly:  Edit or Server/Workstation menu - Edit Server/Workstation.
  3. Deploy the agent to the computers in the Site, along with a Site Concentrator (if necessary).  When the agent checks into the Dashboard, it will request the MAV installer be downloaded and run. 
  4. This request is made via the Site Concentrator if present.
  5. Once downloaded, the agent will run the installer if no traces of other antivirus is present.
  6. Uninstall any unsupported antivirus package if present, and ensure that the system is “clean” of any indications of the package.  Reboot as needed.
  7. MAV deployment will be automatic after the computer reboots from the antivirus uninstall.  In real time, the installation will update the dashboard and indicate that a reboot is necessary to complete the install.
  8. Reboot by any means necessary:
  • The “Reboot Now” command on the Server/Workstation menu will send a command to the agent the next time it checks in to reboot after a 5 minute delay.
  • Use the MSP RMM (Site Managed) Automated Tasks to schedule a reboot at a time after MAV is deployed.
  • Connect via Take Control if you’ve deployed it.  On the Actions menu select one of the reboot options
  • Manually at the machine itself.

Definition updates are downloaded and applied from the Site Concentrator or direct from the Internet to complete the installation
Configuration and Management

All Antivirus Settings are configured in the Dashboard via Protection Policies  
All scan schedules, exceptions, remediation options, end-user options are manipulated in the Managed Antivirus - Protection Policies templates . Several templates are preconfigured and available for use, based on computer roles and server operating systems.
Even if you edit the pre-existing Protection Policies for your own uses, the original templates will remain as a base for new, custom Protection Policies.
Threat and Quarantine management along with Scan History is managed via the Dashboard
Each agent that has MAV deployed will show 3 new tabs on it for Threats, Scans, and Quarantine management and monitoring.  Each agent with MAV deployed to it will have the following checks automatically added:

The Managed Antivirus Check is classified as a 24x7 check, but it reports to – and Alerts – the Dashboard in real time.  If MAV is deployed alone (following), there is no additional charge for these checks; only the per-seat charge for MAV is applied.

Stay tuned for "Naked MAV"