Mikey_
Engaged Sweeper III
I have looked this up and have not seen any good answers on it. LANSweeper sees Defender AV on Windows 10 machines, but not Server 2016.

If I missed something, please point me in the right direction. I am confused why this has not been addressed. Or at least an option in the software to "allow defender as AV", that would trigger a correct scan would be cool.

Thanks!

Mike
18 REPLIES
DontByteMe
Engaged Sweeper III
Hello,

Maybe it's a firewall rule on the server itself? I had the issue of the firewall blocking reports from my main server and had to adjust that to later get pings, reports and to push deployments.

This is just what I had faced. Not sure if you are having that same issue, but it's something to look at as well.
Mikey_
Engaged Sweeper III
Nathaniel wrote:
I'm sorry, my bad. This script I posted was the other one that shows only servers without AV. So that's the one we use for checking what servers don't have AV installed. We replaced with this script the original built-in one.


That's cool... That is a good report... but I was interested in the one that showed no AV installed to replace that default report. Now, I am wondering why it is showing my 2 2019 Servers. They both have Defender AV running and turned on.

Thanks!

Mike
Mikey_
Engaged Sweeper III
Nathaniel wrote:
Sorry, that's not correct. The script pulls all servers and gets all information from both the standard antivirus information and from features (presented in WS2016 and higher). If it finds AV information in any of these, it will show it.

It can be modified to contain other information, this is currently how we are using it in our company. So to your needs you may need to adjust it.

We used this logic to update the default report "Server: All servers without anti-virus software", so now we have exact number in the dashboard if there is any server that does not have AV installed or AV feature enabled.


It pulled my only 2 2019 Datacenter Servers for some reason. See picture.

Is it supposed to be pulling everything or just what it thinks doesn't have up to date AV? Maybe I need to modify it. I'd love to replace that standard report with this one.

Thanks!

Mike
Mikey! wrote:
Nathaniel wrote:
Sorry, that's not correct. The script pulls all servers and gets all information from both the standard antivirus information and from features (presented in WS2016 and higher). If it finds AV information in any of these, it will show it.

It can be modified to contain other information, this is currently how we are using it in our company. So to your needs you may need to adjust it.

We used this logic to update the default report "Server: All servers without anti-virus software", so now we have exact number in the dashboard if there is any server that does not have AV installed or AV feature enabled.


It pulled my only 2 2019 Datacenter Servers for some reason. See picture.

Is it supposed to be pulling everything or just what it thinks doesn't have up to date AV? Maybe I need to modify it. I'd love to replace that standard report with this one.

Thanks!

Mike


I'm sorry, my bad. This script I posted was the other one that shows only servers without AV. So that's the one we use for checking what servers don't have AV installed. We replaced with this script the original built-in one.

To have a list of servers where AV is installed, you can use this one:

Select Top 1000000 unioned.assetid,
tblAssets.AssetName,
tsysOS.Image As icon,
unioned.software,
unioned.version,
unioned.Enabled,
unioned.Uptodate,
unioned.RetrievedFrom,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblAssets.SP As SP,
tblAssets.Firstseen,
tblAssets.Lastseen
From ((Select a.assetid As assetid,
a.software As software,
a.version As version,
'software comparison' As RetrievedFrom,
'' As Enabled,
'' As Uptodate
From (Select tblSoftware.AssetID As assetid,
tblSoftwareUni.softwareName As software,
tblSoftware.softwareVersion As version
From tblSoftware
Inner Join tblSoftwareUni On tblSoftware.softID =
tblSoftwareUni.SoftID
Inner Join tsysantivirus On tblSoftwareUni.softwareName Like
tsysantivirus.Software) a)
Union
(Select tblAntivirus.AssetID As assetid,
tblAntivirus.DisplayName As software,
Null As version,
'WMI' As RetrievedFrom,
Case
When tblAntivirus.onAccessScanningEnabled = 1 Then 'Yes'
Else 'No'
End As Enabled,
Case
When tblAntivirus.productUpToDate = 1 Then 'Yes'
Else 'No'
End As Uptodate
From tblAntivirus)) unioned
Inner Join tblAssetCustom On unioned.assetid = tblAssetCustom.AssetID
Inner Join tblAssets On tblAssets.AssetID = unioned.assetid
Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where tblComputersystem.Domainrole >= 2 And tblAssetCustom.State = 1
Order By tblAssets.AssetName
jgallott
Engaged Sweeper II
In the 'Servers without AV' report, in Server 2022 MSFT changed the name of the feature from 'Windows Defender' to 'Microsoft Defender Antivirus', so you need to modify lines 54/55 from:

tblFeatureUni.featureCaption = 'Windows Defender'

to:

tblFeatureUni.featureCaption in ('Windows Defender','Microsoft Defender Antivirus')


Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetUnique,
tblAssets.Domain,
tblAssets.Description,
tblAssets.Lastseen,
tsysOS.Image As icon
From tblAssets
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
Where tblAssets.AssetID Not In (Select tblSoftware.AssetID
From tblSoftware Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblSoftware.softID Inner Join tsysantivirus On
tblSoftwareUni.softwareName Like tsysantivirus.Software) And
tblAssets.AssetID Not In (Select tblAntivirus.AssetID
From tblAntivirus) And tblAssets.AssetUnique Not In (Select
tblAssets.AssetUnique From ((Select a.assetid As assetid,
a.software As software,
a.version As version,
'software comparison' As RetrievedFrom,
'' As Enabled,
'' As Uptodate
From (Select tblSoftware.AssetID As assetid,
tblSoftwareUni.softwareName As software,
tblSoftware.softwareVersion As version
From tblSoftware
Inner Join tblSoftwareUni On tblSoftware.softID =
tblSoftwareUni.SoftID
Inner Join tsysantivirus On tblSoftwareUni.softwareName Like
tsysantivirus.Software) a)
Union
(Select tblAntivirus.AssetID As assetid,
tblAntivirus.DisplayName As software,
Null As version,
'WMI' As RetrievedFrom,
Case
When tblAntivirus.onAccessScanningEnabled = 1 Then 'Yes'
Else 'No'
End As Enabled,
Case
When tblAntivirus.productUpToDate = 1 Then 'Yes'
Else 'No'
End As Uptodate
From tblAntivirus)
Union
(Select tblFeature.AssetId As AssetID,
tblFeatureUni.featureName As Software,
Null As version,
'Features' As RetrievedFrom,
'' As Enabled,
'' As Uptodate
From tblFeature
Inner Join tblFeatureUni On tblFeature.featUniId =
tblFeatureUni.featUniID And tblFeatureUni.featureCaption in
('Windows Defender','Microsoft Defender Antivirus'))) As unioned Inner Join tblAssetCustom On
unioned.assetid = tblAssetCustom.AssetID Inner Join tblAssets On
tblAssets.AssetID = unioned.assetid Inner Join tsysOS On
tblAssets.OScode = tsysOS.OScode Left Join tsysIPLocations On
tblAssets.LocationID = tsysIPLocations.LocationID
Where tblAssetCustom.State = 1) And tblComputersystem.Domainrole >= 2 And
tblAssetCustom.State = 1
Mikey_
Engaged Sweeper III
Any reason it is not picking up that 2019 Servers have Defender running? This script sees all my 2016 servers running Defender, but not 2019. Even if I build a new 2019 machine, it shows up in this list as it has "no antivirus".

Thanks!

Mike

Nathaniel wrote:


I'm sorry, my bad. This script I posted was the other one that shows only servers without AV. So that's the one we use for checking what servers don't have AV installed. We replaced with this script the original built-in one.

To have a list of servers where AV is installed, you can use this one:

Select Top 1000000 unioned.assetid,
tblAssets.AssetName,
tsysOS.Image As icon,
unioned.software,
unioned.version,
unioned.Enabled,
unioned.Uptodate,
unioned.RetrievedFrom,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblAssets.SP As SP,
tblAssets.Firstseen,
tblAssets.Lastseen
From ((Select a.assetid As assetid,
a.software As software,
a.version As version,
'software comparison' As RetrievedFrom,
'' As Enabled,
'' As Uptodate
From (Select tblSoftware.AssetID As assetid,
tblSoftwareUni.softwareName As software,
tblSoftware.softwareVersion As version
From tblSoftware
Inner Join tblSoftwareUni On tblSoftware.softID =
tblSoftwareUni.SoftID
Inner Join tsysantivirus On tblSoftwareUni.softwareName Like
tsysantivirus.Software) a)
Union
(Select tblAntivirus.AssetID As assetid,
tblAntivirus.DisplayName As software,
Null As version,
'WMI' As RetrievedFrom,
Case
When tblAntivirus.onAccessScanningEnabled = 1 Then 'Yes'
Else 'No'
End As Enabled,
Case
When tblAntivirus.productUpToDate = 1 Then 'Yes'
Else 'No'
End As Uptodate
From tblAntivirus)) unioned
Inner Join tblAssetCustom On unioned.assetid = tblAssetCustom.AssetID
Inner Join tblAssets On tblAssets.AssetID = unioned.assetid
Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where tblComputersystem.Domainrole >= 2 And tblAssetCustom.State = 1
Order By tblAssets.AssetName
Mikey_
Engaged Sweeper III
That script is only pulling 2019 Servers.... And there isn't much data....
Mikey! wrote:
That script is only pulling 2019 Servers.... And there isn't much data....


Sorry, that's not correct. The script pulls all servers and gets all information from both the standard antivirus information and from features (presented in WS2016 and higher). If it finds AV information in any of these, it will show it.

It can be modified to contain other information, this is currently how we are using it in our company. So to your needs you may need to adjust it.

We used this logic to update the default report "Server: All servers without anti-virus software", so now we have exact number in the dashboard if there is any server that does not have AV installed or AV feature enabled.
sunshine
Engaged Sweeper
Have you come across a custom report, to report on the feature being enabled? I'm surprised that Lansweeper is taking so long to provide a solution, for us, the customers.