Lansweeper not detecting Windows Defender as AV on Server 2016

Anthony_TMEIC · ‎04-12-2018

I recently built a new server using Windows 2016 running only the built-in Windows Defender as Anti-Virus but it gets flagged as no AV installed. Does Lansweeper not detect Defender or do I need to change some setting?

Glenn_Gagne · ‎02-03-2023

Hi,

We are facing the same issue. Our company decided to migrate our antivirus solution through Microsoft Defender since some months.

I understand Lansweeper use 2 methods to detect antivirus:

WMI classes
Specific string search in installed software list

But like it explained, Windows Server OS don't provide these WMI classes. For Windows Server 2012 R2 and older platform the antivirus was a standalon package (software) named SCEP. For Windows Server 2016 and newer platform it's a builtin functionnality.

Now, it's complicated to determine if our servers are correctly protected by an antivirus using Lansweeper reports. Does you plan to improve AV detection methods to include this specific situation with Windows Defender ?

It's ironic because we can detect the Microsoft Defender for Linux and MacOS antivirus with Lansweeper inventory... but not for Microsoft Servers...

grimstar · ‎01-08-2020

I remember this question being answered in this thread -

https://www.lansweeper.com/forum/yaf_postst19023_Windows-Defender-AV.aspx#post61394

The WMI class that is used to represent the installation of antivirus is not present in the server operating system. Effectively there is nothing available for Lansweeper to query like it does with the non-server operating systems.

cscherrey · ‎05-17-2019

Any news on these improved AV scanning updates? I'm moving to Windows Defender on Server OS but Lansweeper shows No AV installed. I know Lansweeper uses WMI. Maybe include powershell so you can get more detail. For example:

Invoke-Command -ComputerName server01 {Get-MpComputerStatus | Select-Object -Property Antivirusenabled,AMServiceEnabled,AntispywareEnabled,BehaviorMonitorEnabled,IoavProtectionEnabled,NISEnabled,OnAccessProtectionEnabled,RealTimeProtectionEnabled,AntivirusSignatureLastUpdated}

You get an output of the remote PC about the health/status of Defender if it's running.

spgs · ‎01-07-2020

Any more regarding this issue?

Only some Server 2016 & 2019 are like that. But few (also with Defender) seem to be scanned OK

Esben_D · ‎05-02-2018

I've linked it to the corresponding feature request. At the moment it is planned to be tackled with the other AV scanning improvements. Since some users don't want Windows Defender to be seen as an AV (because they use other software) and some do, it is not as straight forward.

AZHockeyNut · ‎05-02-2018

Charles.X wrote:
I've linked it to the corresponding feature request. At the moment it is planned to be tackled with the other AV scanning improvements. Since some users don't want Windows Defender to be seen as an AV (because they use other software) and some do, it is not as straight forward.

As an FYI I checked my 2019 test server and Lansweeper does not identify Antivirus there either. It shows the same as 2016 so whatever the "fix" is that Charles mentions, it should address both of those I would imagine.

bandersen · ‎04-30-2018

Are there plans to update this in a future release of Lansweeper? This throws off reporting and will only become an increased issue as Server 2016 becomes more prevalent in our environment.

Esben_D · ‎04-13-2018

For Windows Defender on Windows Server 2016 in particular, Windows Defender is no longer seen as an installable application but as a feature. You can check if Windows Defender is installed under Software\Features on a Windows Server 2016 asset's web page as seen in the screenshot below. Unfortunately, this will cause for Lansweeper not being able to detect Windows Defender for Windows Server 2016 as an installed Antivirus.

Lansweeper not detecting Windows Defender as AV on Server 2016

New to Lansweeper?

Try Lansweeper For Free