This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows Defender is displayed as enabled

RonnyK
Engaged Sweeper II

‎06-20-2023 11:56 AM

Hello,

we have the problem that on our Windows server the Windows Defender is shown as Enabled and not our AV solution, although the Defender is deactivated. Under Software -> Antivirus, Defender and our AV software are displayed.
Is there a solution for this?
Many greetings
Ronny

 

Labels:
Preview file
38 KB
0 Kudos
5 REPLIES 5
RonnyK
Engaged Sweeper II

‎06-23-2023 08:38 AM - edited ‎06-23-2023 08:39 AM

Hi,

I have run the commands but both ended with error because the WMI classes were not found. Then I deleted the server and re-inventory and then the correct AV is displayed. Unfortunately this is not really a good solution because we use a lot of custom fields. Or is there a workable solution for re-inventorying here?

Thanks a lot for your efforts.
Ronny

0 Kudos
Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support
In response to RonnyK

‎06-23-2023 08:51 AM

Hello there!

So if the data did not re-appear after deleting and rescanning the asset, this seems to confirm that this was old data. If you have more assets like this, we would recommend contacting support so we can perform some debugging: https://www.lansweeper.com/contact-support/

0 Kudos
Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

‎06-21-2023 09:16 AM

Hello there,

The antivirus status is retrieved from WMI by the scanning server. If WMI reports an incorrect status (in which case Lansweeper will reflect this), you can try rebuilding the AntiVirusProduct WMI class on the affected machines and rescanning them afterward.

For further assistance, you can reach out to support: https://www.lansweeper.com/contact-support/

0 Kudos
RonnyK
Engaged Sweeper II
In response to Obi_1_Cinobi

‎06-22-2023 07:08 AM

Hi,

thank you for your reply. But I'll quote from your faq: "Keep in mind that the AntiVirusProduct WMI class simply does not exist on Windows Server operating systems, which makes it impossible to retrieve the antivirus status of these machines.". So I have no way to repair the WMI class, but lansweeper says that the information comes from the WMI class. 

0 Kudos
Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support
In response to RonnyK

‎06-22-2023 08:31 AM

Hello there!

That is correct, the AntiVirusProduct WMI class does not exist on Windows Server operating systems, but nonetheless, your asset page is displaying status information (and a little bug icon) which suggests that the scanning routine found something in WMI.

We are not aware of the history of this particular server, but if it is an option for you, you could try deleting the asset page and then rescan the asset to see if the information is still there.

Alternatively, you can run the two commands below in an elevated command prompt on the local computer to cross-reference with what is stored in WMI. The command output will be stored in lansweeperwmi.txt, which will be written to the folder from which the command is run in CMD.

wmic /namespace:\\root\SecurityCenter path AntiVirusProduct > lansweeperwmi1.txt
wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct > lansweeperwmi2.txt

 And do not hesitate to reach out if you need some more support: https://www.lansweeper.com/contact-support/

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now