Notification

Icon
Error

Workstation: Antivirus Expired Report - Report showing devices as EXPIRED AV when AV is up to date and enabled

Posted: Tuesday, April 7, 2020 5:31:24 PM(UTC)
CVannest

CVannest

Member Original PosterPosts: 17
0
Like
I'm using the built in Workstation: Antivirus Expired Report but getting some invalid returned data. I've removed other AV solutions from the system under Software/Anti-Virus Software and left our AV solutions in there. PCs are being scanned and returning on the report because Windows Defender is Disabled/Outdated but Sophos is fully enabled and up to date. I've done a full database cleanup and removed all the devices from the report from the system and rescanned them back in, still getting the same issue. Anyone else experiencing this?
Erik.T
#1Erik.T Member Administration Posts: 94  
posted: 4/9/2020 11:14:28 AM(UTC)
Hi CVannest,

When Lansweeper scans an asset, it will not always retrieve all information. As not all computer information changes often, Lansweeper uses scanned item intervals to determine which information needs to be refreshed at which time. I'd recommend checking the interval for Anti-virus scanning.

More information on how to configure scanned item intervals can be found in the below article.
https://www.lansweeper.c...pecific-data-is-scanned/
CVannest
#2CVannest Member Original PosterPosts: 17  
posted: 4/9/2020 2:54:33 PM(UTC)
Originally Posted by: Erik.T Go to Quoted Post
Hi CVannest,

When Lansweeper scans an asset, it will not always retrieve all information. As not all computer information changes often, Lansweeper uses scanned item intervals to determine which information needs to be refreshed at which time. I'd recommend checking the interval for Anti-virus scanning.

More information on how to configure scanned item intervals can be found in the below article.
https://www.lansweeper.c...pecific-data-is-scanned/


I have ANtiVirus Scanning interval set to 1.
Even if I manually rescan an item on the report, it still shows that our primary AV (Sophos) is enabled and up to date and the Windows Defender is Disabled and Outdated. Since Windows Defender is NOT in the list of AVs under Software/Anti-Virus Settings it SHOULD NOT be hitting on that. I deleted every device on the report earlier this week, and now I have 113 devices in there again. I have over 7000 PCs in the system, so why are 113 showing up on this report when they have fully updated and active Sophos AV?
Hendrik.VE
#3Hendrik.VE Member Posts: 41  
posted: 4/10/2020 1:25:10 PM(UTC)
Defender shows up because it is scanned through WMI. So even when you remove Defender from Software/Anti-Virus Settings, Lansweeper will still discover it as disabled and outdated.

Best you can do I think is exclude Defender from the report:

Code:
Select Top 1000000 tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAntivirus.DisplayName As Antivirus,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As Type,
  tblAssets.IPAddress As [IP Address],
  tblAssets.Description,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblAssetCustom.Location,
  tsysIPLocations.IPLocation,
  tblAssets.Lasttried,
  tblAssets.Firstseen,
  tblAssets.Lastseen
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblAntivirus On tblAssets.AssetID = tblAntivirus.AssetID
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where tblAntivirus.DisplayName Not Like '%Defender%' And tblAssetCustom.State =
  1 And tblAntivirus.productUpToDate = 0
Order By tblAssets.AssetName
CVannest
#4CVannest Member Original PosterPosts: 17  
posted: 4/10/2020 1:47:28 PM(UTC)
Thank you for the report. Its a much better view for Sophos!

Active Discussions

Lansweeper Unable to send to External Email
by  pryan67   Go to last post Go to first unread
Last post: Yesterday at 8:21:01 PM(UTC)
Lansweeper Lansweeper assets not being Scanned
by  Jordan  
Go to last post Go to first unread
Last post: Yesterday at 6:42:22 PM(UTC)
Lansweeper Database size growing too large
by  bladd   Go to last post Go to first unread
Last post: Yesterday at 4:26:44 PM(UTC)
Lansweeper Searching Specific File
by  mzipperer  
Go to last post Go to first unread
Last post: Yesterday at 4:23:29 PM(UTC)
Lansweeper Exchange 2010 information is not populating
by  Moe   Go to last post Go to first unread
Last post: Yesterday at 12:30:38 PM(UTC)
Lansweeper Routinely Exploited Vulnerabilities Query Report
by  pryan67  
Go to last post Go to first unread
Last post: Yesterday at 12:25:31 PM(UTC)
Lansweeper Creating a report for new devices every 2 hours to alert
by  Moe   Go to last post Go to first unread
Last post: 6/4/2020 7:26:11 PM(UTC)
Lansweeper Changes in the licensing model
by  BullGates  
Go to last post Go to first unread
Last post: 6/4/2020 6:27:23 PM(UTC)