Lansweeper incorrectly reporting antivirus as not enabled and outdated

donald_walker · ‎03-15-2018

We use McAfee antivirus in our environment and have a report that generates daily to let us know if any systems did not update or if, for some reason, are disabled. This has been working great until recently. I am finding that my Windows 10 machines are incorrectly reporting that McAfee is both disabled AND outdated. I have confirmed on all of the systems that this is incorrect. AV is enabled and updated. Help? Anything is greatly appreciated.

stanislav_tsenk · ‎03-24-2020

Hi. The problem with McAfee and Windows Security Center is resolvable. Just run over CMD

C:\Program Files\McAfee\Agent>cmdagent.exe /s

Ian_F · ‎03-21-2018

As far as I know this is still correct as Lansweeper depends upon Windows Security Center (WSC) on the operating system to detect the status of the antivirus software. It is quite similar to this: https://support.microsoft.com/en-us/help/3190315/outlook-trust-center-shows-your-antivirus-status-as-unavailable-this-v

AZHockeyNut · ‎03-20-2018

@Ian.F is that statement still correct?

. Keep in mind that the WMI class that stores the antivirus information and status does not exist on Windows servers, which makes it impossible to detect the status

with the release of Windows Server 2016 (which has the same AV as Windows 10)

I have not looked at that class yet but your reply got me thinking.

Ian_F · ‎03-19-2018

Lansweeper pulls antivirus information from assets in two distinct ways, as documented here: https://www.lansweeper.com/kb/123/managing-anti-virus-software-reports.html

Lansweeper can retrieve antivirus information and status from the WMI (Windows Management Instrumentation) protocol on your Windows computers. Keep in mind that the WMI class that stores the antivirus information and status does not exist on Windows servers, which makes it impossible to detect the status (enabled/disabled and up to date or not) of anti-virus packages on Windows servers. You can identify anti-virus records pulled from WMI based on the little "bug" icon.
When your anti-virus software can't be found in WMI, Lansweeper also looks at the software list in the Software tab of a computer's web page (which mimics Add/Remove Programs) and verifies whether an installed software package is part of the list of known anti-virus software found in the web console under Software\Anti-Virus Settings. Keep in mind that you will not be able to get a status (enabled/disabled and up to date or not) via this method.

So if the status is showing as Disabled and Outdated, your scan is either outdated or the information is not stored correctly in WMI on the affected Windows machine. Please try following steps to resolve the issue:

Rescan the affected Windows machines by going to their asset page and using the rescan option in the left-hand pane. This will initiate a full rescan of the asset.
If the status is still showing as Disabled and Outdated, WMI might be corrupted on the affected Windows machines. In that case, we recommend following the steps in the following forum topic on how to rebuild the antivirus WMI class: https://www.lansweeper.com/Forum/yaf_postst9878_Delete-Antivirus-WMI.aspx#post38305. Make sure to reboot the affected Windows machine afterward and rescan the machine again.

Lansweeper incorrectly reporting antivirus as not enabled and outdated

New to Lansweeper?

Try Lansweeper For Free