cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
RTI_IT
Champion Sweeper
We had Kaspersky 8 on all of our machines but the admin center for it was lost so they are now all unprotected. We are working to deploy ver 10 in its place. Under Config/Anti Virus I changed ours to read %Security 10 but its not updating. See examples below. Is there a way to reset it?

Pic 1 is showing the current approved list
Pic 2 is showing the current report for Workstation: All workstations without Anti-virus software.
Pic 3 is showing a computer that is not on the report but should be.

Thanks
Ed
1 ACCEPTED SOLUTION
Hemoco
Lansweeper Alumni
FYI: development informs us that an alternative solution would be to:
- Clear the AntiVirusProduct WMI class by running the script attached to this post on the client machine. (Change the file extension from .txt to .vbs.)
- Reboot the client machine.
- Rescan the client machine.

You could create a group policy to automatically run this script on your machines. Do test it thoroughly before deploying it though. This script is not guaranteed to be free of bugs and is run at your own risk.

View solution in original post

5 REPLIES 5
RTI_IT
Champion Sweeper
This looks promising! I just ran it on half a dozen computers and it worked flawlessly. I have added it to our logon script and will have a final answer on Monday.

Thank you for providing this, I think it will be a big help!
Hemoco
Lansweeper Alumni
FYI: development informs us that an alternative solution would be to:
- Clear the AntiVirusProduct WMI class by running the script attached to this post on the client machine. (Change the file extension from .txt to .vbs.)
- Reboot the client machine.
- Rescan the client machine.

You could create a group policy to automatically run this script on your machines. Do test it thoroughly before deploying it though. This script is not guaranteed to be free of bugs and is run at your own risk.
Hemoco
Lansweeper Alumni
The WMI check was added because many anti-virus software packages are not listed under Add/Remove Programs and therefore not detected by the old anti-virus check.

Making the WMI check optional doesn't seem entirely necessary, as you can simply exclude the anti-virus software detected through WMI from your reports. It's stored in a separate database table, so this is quite easy to do. We may add some additional built-in reports for this in a next release, if requested by more customers. Note that you can identify anti-virus software pulled from WMI on individual computer webpages as well. If the package has a little "bug" icon in front of it, it was pulled from WMI. If it has a plain software icon, it was detected by comparing scanned software with the anti-virus list.
RTI_IT
Champion Sweeper
Thank you for providing a workaround. Is there a plan in place to change the way AV scanning works? This new method is horrible for company's that actually want all their computers on a certain brand / version. Using WMI would mean that LS would consider a new out the box computer with a 90 day trail of _____ protected when really in the eyes of the IT dept that computer is NOT in compliance with their standards.

Basically if its not on the approved software list I don't want it on their computer.

If anything WMI ant virus scanning should be an option, not a mandate.

Ed
Hemoco
Lansweeper Alumni
The latest Lansweeper releases don't just identify anti-virus software based on a comparison between scanned software and the anti-virus list. They also pull anti-virus software from WMI, specifically from the AntiVirusProduct WMI class. The Antivirus section of your computer's Software tab shows anti-virus software pulled from WMI, which is why the machine is deemed to have anti-virus software installed. Modifying the anti-virus list will have no impact on the machine's anti-virus status, as the anti-virus item listed on the computer page is pulled from WMI.

The first thing you should do is rescan the machine by clicking the Assets link at the top of the web console, ticking the checkbox in front of the asset and hitting the Rescan button on the left. If the anti-virus software is still listed after rescanning, it is still stored in WMI and what Lansweeper is reporting is technically "correct". WMI is saying that there's anti-virus software. A "solution" to this problem would be to exclude anti-virus software detected through WMI from your report, i.e. by removing this from the query:
And tblAssets.AssetID Not In (Select
tblAntivirus.AssetID
From tblAntivirus)