This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Server 2019 and Windows Defender Antivirus

Mikey_
Engaged Sweeper III

‎04-09-2020 03:07 PM

See attached image...

Why is it that Lansweeper does not see Windows Defender antivirus on Server 2019? It sees it on Windows 10 and Server 2016 just fine?

Any insight here?

Thanks!

Mike
Labels:
Preview file
172 KB
3 REPLIES 3
Hendrik_VE
Champion Sweeper III

‎04-10-2020 11:39 PM

Sure, but as you'll see I got some custom information in it, and I'm not reporting on Windows Defender at all. Particularly for McAfee I'm scanning the following registry values (I have two different McAfee AV solutions, ENS and VSE):
SOFTWARE\McAfee\AVSolution\DS\DS - dwContentMajorVersion
SOFTWARE\Wow6432Node\McAfee\AVEngine - AVDatVersion
SOFTWARE\McAfee\AVEngine - AVDatVersion
SOFTWARE\Network Associates\ePolicy Orchestrator\Agent - ePOServerList

I'm checking for the most recent DAT file (the AV Signature), when it's older then 7 days, my AV is out of date.
The output I import in PowerBI so I have a nice pie diagram showing me the AV Security Status of my network.


Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysOS.Image As icon,
  tblAssets.Domain,
  tblAssets.IPAddress,
  unioned.software As AVSoftware,
  DATQuery.Value As DATversion,
  DATQuery.Lastchanged As LastChanged,
  Case CharIndex('|', EPOQuery.Value)
    When 0 Then EPOQuery.Value
    Else SubString(EPOQuery.Value, 1, CharIndex('|', EPOQuery.Value) - 1)
  End As EPOServer,
  tsysIPLocations.IPLocation,
  tsysOS.OSname As OS,
  tblAssets.SP As SP,
  tblAssetCustom.Custom6 As 'System Administrator',
  tblAssetCustom.Custom5 As 'Network Administrator',
  tblAssetCustom.Custom4 As 'System Coördinator',
  tblAssets.Firstseen,
  tblAssets.Lastseen,
  tblAssets.Scanserver,
  Case
    When Convert(nvarchar,DateDiff(day, DATQuery.Lastchanged, GetDate())) > 7
    Then '#ffadad'
    When unioned.software = '' Or unioned.software Is Null Then '#ffff00'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
  Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
  Left Join (Select tblRegistry.AssetID,
        tblRegistry.Regkey,
        tblRegistry.Valuename,
        tblRegistry.Value,
        tblRegistry.Lastchanged
      From tblRegistry
      Where tblRegistry.Valuename Like '%ePOServerList%') EPOQuery On
    EPOQuery.AssetID = tblAssets.AssetID
  Left Join ((Select a.assetid As assetid,
        a.software As software,
        a.version As version,
        'software comparison' As RetrievedFrom,
        '' As Enabled,
        '' As Uptodate
      From (Select tblSoftware.AssetID As assetid,
              tblSoftwareUni.softwareName As software,
              tblSoftware.softwareVersion As version
            From tblSoftware
              Inner Join tblSoftwareUni On tblSoftware.softID =
                tblSoftwareUni.SoftID
              Inner Join tsysantivirus On tblSoftwareUni.softwareName Like
                tsysantivirus.Software) a)) unioned On tblAssets.AssetID =
    unioned.assetid
  Left Join (Select t.AssetID,
        t.Regkey,
        t.Valuename,
        t.Value,
        t.Lastchanged
      From (Select tblRegistry.AssetID,
              Max(tblRegistry.Lastchanged) As max_lastchanged
            From tblRegistry
            Where tblRegistry.Regkey Like '%McAfee%' And
              tblRegistry.Valuename Like '%version%'
            Group By tblRegistry.AssetID) As m
        Inner Join tblRegistry As t On t.AssetID = m.AssetID And
          t.Lastchanged = m.max_lastchanged And t.Valuename Like '%version%' And
          t.Regkey Like '%McAfee%') DATQuery On DATQuery.AssetID =
    tblAssets.AssetID
  Left Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where tblAssetCustom.State = 1
Group By tblAssets.AssetID,
  tblAssets.AssetName,
  tsysOS.Image,
  tblAssets.Domain,
  tblAssets.IPAddress,
  unioned.software,
  DATQuery.Value,
  DATQuery.Lastchanged,
  tsysIPLocations.IPLocation,
  tsysOS.OSname,
  tblAssets.SP,
  tblAssetCustom.Custom6,
  tblAssetCustom.Custom5,
  tblAssetCustom.Custom4,
  tblAssets.Firstseen,
  tblAssets.Lastseen,
  tblAssets.Scanserver,
  EPOQuery.Value
Order By tblAssets.AssetName
0 Kudos
Mikey_
Engaged Sweeper III

‎04-10-2020 05:18 PM

Can I see your custom report on this?

Thanks!
0 Kudos
Hendrik_VE
Champion Sweeper III

‎04-10-2020 02:45 PM

If I'm not mistaken it's because it's installed as a Windows Feature and not as a Program.
But in my case I even don't see it in Server 2016, although the WinDefend service is running.
Which is just fine for me, because we're using McAfee as AV software.
I added a custom report which checks on the DAT file, so I can see if my AV is up to date for servers too (which isn't possible with the built-in report).

I think it would be better to modify the built-in report to include the WinDefend service also, and optionally for standard AV software (like McAfee) the default registry keys holding the AV signature version.

Unless LS has an other idea on this?
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now