→ The Lansweeper Customer Excellence Awards 2024 - Submit Your Project Now! Learn More & Enter Here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anthony_TMEIC
Engaged Sweeper II
I recently built a new server using Windows 2016 running only the built-in Windows Defender as Anti-Virus but it gets flagged as no AV installed. Does Lansweeper not detect Defender or do I need to change some setting?
8 REPLIES 8
Glenn_Gagne
Engaged Sweeper III

Hi,

We are facing the same issue. Our company decided to migrate our antivirus solution through Microsoft Defender since some months.

I understand Lansweeper use 2 methods to detect antivirus:

  • WMI classes
  • Specific string search in installed software list

But like it explained, Windows Server OS don't provide these WMI classes. For Windows Server 2012 R2 and older platform the antivirus was a standalon package (software) named SCEP. For Windows Server 2016 and newer platform it's a builtin functionnality.

Now, it's complicated to determine if our servers are correctly protected by an antivirus using Lansweeper reports. Does you plan to improve AV detection methods to include this specific situation with Windows Defender ?

It's ironic because we can detect the Microsoft Defender for Linux and MacOS antivirus with Lansweeper inventory... but not for Microsoft Servers...

grimstar
Champion Sweeper II
I remember this question being answered in this thread -

https://www.lansweeper.com/forum/yaf_postst19023_Windows-Defender-AV.aspx#post61394

The WMI class that is used to represent the installation of antivirus is not present in the server operating system. Effectively there is nothing available for Lansweeper to query like it does with the non-server operating systems.
cscherrey
Engaged Sweeper III
Any news on these improved AV scanning updates? I'm moving to Windows Defender on Server OS but Lansweeper shows No AV installed. I know Lansweeper uses WMI. Maybe include powershell so you can get more detail. For example:

Invoke-Command -ComputerName server01 {Get-MpComputerStatus | Select-Object -Property Antivirusenabled,AMServiceEnabled,AntispywareEnabled,BehaviorMonitorEnabled,IoavProtectionEnabled,NISEnabled,OnAccessProtectionEnabled,RealTimeProtectionEnabled,AntivirusSignatureLastUpdated}

You get an output of the remote PC about the health/status of Defender if it's running.

spgs
Engaged Sweeper II
Any more regarding this issue?

Only some Server 2016 & 2019 are like that. But few (also with Defender) seem to be scanned OK
Esben_D
Lansweeper Employee
Lansweeper Employee
I've linked it to the corresponding feature request. At the moment it is planned to be tackled with the other AV scanning improvements. Since some users don't want Windows Defender to be seen as an AV (because they use other software) and some do, it is not as straight forward.
AZHockeyNut
Champion Sweeper III
Charles.X wrote:
I've linked it to the corresponding feature request. At the moment it is planned to be tackled with the other AV scanning improvements. Since some users don't want Windows Defender to be seen as an AV (because they use other software) and some do, it is not as straight forward.


As an FYI I checked my 2019 test server and Lansweeper does not identify Antivirus there either. It shows the same as 2016 so whatever the "fix" is that Charles mentions, it should address both of those I would imagine.
bandersen
Engaged Sweeper II
Are there plans to update this in a future release of Lansweeper? This throws off reporting and will only become an increased issue as Server 2016 becomes more prevalent in our environment.
Esben_D
Lansweeper Employee
Lansweeper Employee
For Windows Defender on Windows Server 2016 in particular, Windows Defender is no longer seen as an installable application but as a feature. You can check if Windows Defender is installed under Software\Features on a Windows Server 2016 asset's web page as seen in the screenshot below. Unfortunately, this will cause for Lansweeper not being able to detect Windows Defender for Windows Server 2016 as an installed Antivirus.

Windows Server 2016 Windows defender
Windows Server 2016 Windows defender features