cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
RonnyK
Engaged Sweeper II

Hello,

we have the problem that on our Windows server the Windows Defender is shown as Enabled and not our AV solution, although the Defender is deactivated. Under Software -> Antivirus, Defender and our AV software are displayed.
Is there a solution for this?
Many greetings
Ronny

 

5 REPLIES 5
RonnyK
Engaged Sweeper II

Hi,

I have run the commands but both ended with error because the WMI classes were not found. Then I deleted the server and re-inventory and then the correct AV is displayed. Unfortunately this is not really a good solution because we use a lot of custom fields. Or is there a workable solution for re-inventorying here?

Thanks a lot for your efforts.
Ronny

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

So if the data did not re-appear after deleting and rescanning the asset, this seems to confirm that this was old data. If you have more assets like this, we would recommend contacting support so we can perform some debugging: https://www.lansweeper.com/contact-support/

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there,

The antivirus status is retrieved from WMI by the scanning server. If WMI reports an incorrect status (in which case Lansweeper will reflect this), you can try rebuilding the AntiVirusProduct WMI class on the affected machines and rescanning them afterward.

For further assistance, you can reach out to support: https://www.lansweeper.com/contact-support/

RonnyK
Engaged Sweeper II

Hi,

thank you for your reply. But I'll quote from your faq: "Keep in mind that the AntiVirusProduct WMI class simply does not exist on Windows Server operating systems, which makes it impossible to retrieve the antivirus status of these machines.". So I have no way to repair the WMI class, but lansweeper says that the information comes from the WMI class. 

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

That is correct, the AntiVirusProduct WMI class does not exist on Windows Server operating systems, but nonetheless, your asset page is displaying status information (and a little bug icon) which suggests that the scanning routine found something in WMI.

We are not aware of the history of this particular server, but if it is an option for you, you could try deleting the asset page and then rescan the asset to see if the information is still there.

Alternatively, you can run the two commands below in an elevated command prompt on the local computer to cross-reference with what is stored in WMI. The command output will be stored in lansweeperwmi.txt, which will be written to the folder from which the command is run in CMD.

wmic /namespace:\\root\SecurityCenter path AntiVirusProduct > lansweeperwmi1.txt
wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct > lansweeperwmi2.txt

 And do not hesitate to reach out if you need some more support: https://www.lansweeper.com/contact-support/