This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bitdefender machine showing AV Disabled

acooney
Engaged Sweeper II

‎02-21-2018 03:42 PM

I have one desktop that is showing Bit Defender as disabled in Lansweeper. The machine itself and the Bit Defender console are showing this machine as having active Bit Defender. What does Lansweeper check to see if the AV is enabled or disabled? We have tried rebooting the machine and restarting the services.

10:30 Edit:

I'm now getting more machines doing this.
Labels:
0 Kudos
5 REPLIES 5
acooney
Engaged Sweeper II

‎02-21-2018 09:55 PM

so one of the machines is showing productState : 262144, another is showing productState : 266240.

It is odd that both are showing as fine, and are able to run AV scans though... I'm asking our security team to look further into it.
0 Kudos
acooney
Engaged Sweeper II

‎02-21-2018 05:22 PM

Thank you. I will give that a try.
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎02-21-2018 05:05 PM

Looks to me like the WMI class says it is disabled.

What you can try is run the following command on the local machine in powershell:

Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct


Then you can compare the result of productState to the following list:
  • "262144" {status = "Up to date" ;status = "Disabled"}
  • "262160" {status = "Out of date" ;status = "Disabled"}
  • "266240" {status = "Up to date" ;status = "Enabled"}
  • "266256" {status = "Out of date" ;status = "Enabled"}
  • "393216" {status = "Up to date" ;status = "Disabled"}
  • "393232" {status = "Out of date" ;status = "Disabled"}
  • "393488" {status = "Out of date" ;status = "Disabled"}
  • "397312" {status = "Up to date" ;status = "Enabled"}
  • "397328" {status = "Out of date" ;status = "Enabled"}
  • "397584" {status = "Out of date" ;status = "Enabled"}
0 Kudos
acooney
Engaged Sweeper II

‎02-21-2018 04:34 PM

Charles:

I'm attaching screenshots of the AV screens on these devices. These are Windows 7 and Windows 10 desktop machines.



lansweeperAV2.PNG
Preview file
9 KB
lansweeperAV1.PNG
Preview file
5 KB
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎02-21-2018 04:30 PM

You can find a general explanation of AV scanning here: https://www.lansweeper.com/kb/123/managing-anti-virus-software-reports.html

  • Firstly, Lansweeper can retrieve antivirus information and status from the WMI (Windows Management Instrumentation) protocol on your Windows computers. Keep in mind that the WMI class that stores the antivirus information and status does not exist on Windows servers, which makes it impossible to detect the status (enabled/disabled and up to date or not) of anti-virus packages on Windows servers. You can identify anti-virus records pulled from WMI based on the little "bug" icon.

  • Alternatively, when your anti-virus software can't be found in WMI, Lansweeper also looks at the software list in the Software tab of a computer's web page (which mimics Add/Remove Programs) and verifies whether an installed software package is part of the list of known anti-virus software found in the web console under Software\Anti-Virus Settings. Keep in mind that you will not be able to get a status (enabled/disabled and up to date or not) via this method.
    The fact that your antivirus software is showing as not up to date, means that the status is stored as such in WMI. As Lansweeper pulls this information from WMI there is no way to manipulate this status.
0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Top