- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-15-2023 07:26 PM - last edited on ‎04-02-2024 10:12 AM by Mercedes_O
With a recent aquisition we are using Lansweeper to get a hold of our asset inventory. One issue I see is that there are over 300 devices that are flagged as having antivirus disabled. When I go on the asset in Lansweeper is shows that Windows Defender is disabled and that Sophos is enabled. There are even some instances where the PC is showing multiple Sophos instances (even though there is only 1). What can we do to have it ignore the Windows Defender (which we do not use) and focus on only 1 Sophos AV applications?
Solved! Go to Solution.
- Labels:
-
Scanning
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-19-2023 01:52 PM
To address the issue of multiple antivirus detections in Lansweeper's asset inventory, follow these steps: First, uninstall Windows Defender from devices where it's not in use. Next, ensure only one instance of Sophos antivirus is installed on each device, removing any extra installations. Configure Lansweeper to exclude Windows Defender and unnecessary Sophos instances.
Now, perform a rescan in Lansweeper to update the inventory accurately. For ongoing management, consider using endpoint management solutions to streamline antivirus deployment and monitoring. Always refer to tool documentation and support if needed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-14-2024 08:07 PM
How can you "Configure Lansweeper to exclude Windows Defender"?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-19-2023 01:52 PM
To address the issue of multiple antivirus detections in Lansweeper's asset inventory, follow these steps: First, uninstall Windows Defender from devices where it's not in use. Next, ensure only one instance of Sophos antivirus is installed on each device, removing any extra installations. Configure Lansweeper to exclude Windows Defender and unnecessary Sophos instances.
Now, perform a rescan in Lansweeper to update the inventory accurately. For ongoing management, consider using endpoint management solutions to streamline antivirus deployment and monitoring. Always refer to tool documentation and support if needed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-17-2025 07:57 PM
Uninstalling built in windows programs seems like a very poor conception from lansweeper, surely in the past 18 months there must have been implementation of function to propose a better solution to this ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-19-2025 05:56 AM
Sophos tends to leave installation files that persist in add/remove programs, at least from my old experience with the application, where I had to use the uninstall tools that Sophos made... The accepted answer was from a helpful community member, not an official recommendation from Lansweeper - though I must say that it was written so well that I thought it was an official response myself 🙂 - I agree with your conclusion that one should not uninstall Defender, but rather ensure that it stays disabled, which Sophos should do if it installed correctly. I need to dig up old reports I made, but I made a report that showed everything exactly as the 'scanned antivirus' section shows... i use it to report on several things - one of which is 'defender enabled with sophos' report, as they both shouldn't be running.
ah here it is:
Select
Top 1000000 unioned.assetid,
tblAssets.AssetName,
tsysOS.Image As icon,
unioned.software,
unioned.version,
unioned.Enabled,
unioned.Uptodate,
unioned.RetrievedFrom,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblAssets.SP As SP,
tblAssets.Firstseen,
tblAssets.Lastseen
From
(
(
Select
a.assetid As assetid,
a.software As software,
a.version As version,
'software comparison' As RetrievedFrom,
'' As Enabled,
'' As Uptodate
From
(
Select
tblSoftware.AssetID As assetid,
tblSoftwareUni.softwareName As software,
tblSoftware.softwareVersion As version
From
tblSoftware
Inner Join tblSoftwareUni On tblSoftware.softID = tblSoftwareUni.SoftID
Inner Join tsysantivirus On tblSoftwareUni.softwareName Like tsysantivirus.Software
) a
)
Union
(
Select
tblAntivirus.AssetID As assetid,
tblAntivirus.DisplayName As software,
Null As version,
'WMI' As RetrievedFrom,
Case When tblAntivirus.onAccessScanningEnabled = 1 Then 'Yes' Else 'No' End As Enabled,
Case When tblAntivirus.productUpToDate = 1 Then 'Yes' Else 'No' End As Uptodate
From
tblAntivirus
)
) unioned
Inner Join tblAssetCustom On unioned.assetid = tblAssetCustom.AssetID
Inner Join tblAssets On tblAssets.AssetID = unioned.assetid
Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where
tblAssetCustom.State = 1
and unioned.RetrievedFrom like '%wmi%'
Order By
tblAssets.AssetName
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-16-2023 09:52 AM
Hi,
Not sure if these help :
Antivirus duplicated entries - Lansweeper Community - 39194
How Lansweeper's antivirus detection works - Managing Software - Lansweeper Community
Have you also checked if Defender should be running in Passive Mode alongside Sophos, not sure with Sophos , you can check the status of Defender using Powershell and running "mpcomputerstatus" and check the field "AMRunningMode" ?
