This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
We’re currently experiencing a high volume of support requests, which may result in longer response times — thank you for your patience and understanding.
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What if my antivirus information is incorrect or missing?

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

4 weeks ago

This article explains how Lansweeper detects antivirus software in Lansweeper On-prem and what to check if the antivirus information shown for an asset is incorrect or missing.

How Lansweeper retrieves antivirus information

Lansweeper pulls antivirus information from assets in two distinct ways:

1. Via WMI (Windows Management Instrumentation)

Lansweeper can retrieve antivirus product information and status directly from WMI on Windows client operating systems.

  • This method provides:
    • Antivirus product name
    • Status (enabled/disabled)
    • Update status (up to date or not)
  • Antivirus records retrieved from WMI are identified by a small bug icon in the web console.

Important
The WMI class that stores antivirus status does not exist on Windows Server operating systems. As a result, Lansweeper cannot detect antivirus status (enabled/disabled or up to date) on Windows servers using WMI.

2. Via the software list (Add/Remove Programs)

If antivirus information cannot be retrieved from WMI, Lansweeper checks the Software tab of the asset (which mirrors Add/Remove Programs).

  • Lansweeper compares installed software against the list of known antivirus products configured under:
    Software \ Anti-Virus Settings
  • If a match is found, the software is identified as antivirus software.
Limitations
When antivirus software is detected via the software list:
  • No status information is available (enabled/disabled or up to date)
  • Only the presence of the antivirus product can be detected

Make sure the antivirus product is added using the exact spelling as shown on the Software tab of the asset.

Antivirus information retrieved from WMI is incorrect

If the antivirus information shown in Lansweeper was retrieved from WMI and appears incorrect, the data may already be incorrect in WMI itself.

How to verify antivirus data stored in WMI

To validate the antivirus information stored in WMI:

  1. Open an elevated Command Prompt on the affected computer.

  2. Run the following commands:

wmic /namespace:\\root\SecurityCenter path AntiVirusProduct > lansweeperwmi1.txt
wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct > lansweeperwmi2.txt

  1. The output will be saved as:

    • lansweeperwmi1.txt

    • lansweeperwmi2.txt

These files will be created in the directory from which the commands were executed.

Compare the results with what is displayed in Lansweeper. If the information matches, the data is being reported correctly by WMI.

Antivirus information retrieved from the Software tab is missing

If antivirus software is detected via the Software tab and is missing or not identified correctly:

  • Navigate to Software \ Anti-Virus Settings in the web console
  • Add the antivirus product manually if it is not listed
  • Ensure the product name uses the exact same spelling as shown on the Software tab of the asset

Even minor differences in spelling or formatting can prevent Lansweeper from recognizing the software as antivirus.

Additional resources

For a detailed overview of how Lansweeper scans antivirus information, see:

Was this article helpful? Yes No
No ratings
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Version history
Last update:
4 weeks ago
Updated by:
Lansweeper Tech Support