cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
donald_walker
Engaged Sweeper II
We use McAfee antivirus in our environment and have a report that generates daily to let us know if any systems did not update or if, for some reason, are disabled. This has been working great until recently. I am finding that my Windows 10 machines are incorrectly reporting that McAfee is both disabled AND outdated. I have confirmed on all of the systems that this is incorrect. AV is enabled and updated. Help? Anything is greatly appreciated.
4 REPLIES 4
stanislav_tsenk
Engaged Sweeper II
Hi. The problem with McAfee and Windows Security Center is resolvable. Just run over CMD
C:\Program Files\McAfee\Agent>cmdagent.exe /s

Ian_F
Lansweeper Alumni
As far as I know this is still correct as Lansweeper depends upon Windows Security Center (WSC) on the operating system to detect the status of the antivirus software. It is quite similar to this: https://support.microsoft.com/en-us/help/3190315/outlook-trust-center-shows-your-antivirus-status-as-unavailable-this-v
AZHockeyNut
Champion Sweeper III
@Ian.F is that statement still correct?
. Keep in mind that the WMI class that stores the antivirus information and status does not exist on Windows servers, which makes it impossible to detect the status
with the release of Windows Server 2016 (which has the same AV as Windows 10)

I have not looked at that class yet but your reply got me thinking.
Ian_F
Lansweeper Alumni
Lansweeper pulls antivirus information from assets in two distinct ways, as documented here: https://www.lansweeper.com/kb/123/managing-anti-virus-software-reports.html
  • Lansweeper can retrieve antivirus information and status from the WMI (Windows Management Instrumentation) protocol on your Windows computers. Keep in mind that the WMI class that stores the antivirus information and status does not exist on Windows servers, which makes it impossible to detect the status (enabled/disabled and up to date or not) of anti-virus packages on Windows servers. You can identify anti-virus records pulled from WMI based on the little "bug" icon.
  • When your anti-virus software can't be found in WMI, Lansweeper also looks at the software list in the Software tab of a computer's web page (which mimics Add/Remove Programs) and verifies whether an installed software package is part of the list of known anti-virus software found in the web console under Software\Anti-Virus Settings. Keep in mind that you will not be able to get a status (enabled/disabled and up to date or not) via this method.
So if the status is showing as Disabled and Outdated, your scan is either outdated or the information is not stored correctly in WMI on the affected Windows machine. Please try following steps to resolve the issue:
  • Rescan the affected Windows machines by going to their asset page and using the rescan option in the left-hand pane. This will initiate a full rescan of the asset.
  • If the status is still showing as Disabled and Outdated, WMI might be corrupted on the affected Windows machines. In that case, we recommend following the steps in the following forum topic on how to rebuild the antivirus WMI class: https://www.lansweeper.com/Forum/yaf_postst9878_Delete-Antivirus-WMI.aspx#post38305. Make sure to reboot the affected Windows machine afterward and rescan the machine again.