Workstation: Antivirus Expired Report - Report showing devices as EXPIRED AV when AV is up to date and enabled

Posted: Tuesday, April 7, 2020 5:31:24 PM(UTC)
CVannest Member Original Poster Posts: 17
I'm using the built-in Workstation: Antivirus Expired Report but getting some invalid returned data. I've removed other AV solutions from the system under Software/Anti-Virus Software and left our AV solutions in there. PCs are being scanned and returning on the report because Windows Defender is Disabled/Outdated but Sophos is fully enabled and up to date. I've done a full database cleanup and removed all the devices from the report from the system and rescanned them back in, still getting the same issue. Anyone else experiencing this?
Erik.T
#1Erik.T Member Administration Posts: 94  
posted: 4/9/2020 11:14:28 AM(UTC)
Hi CVannest,

When Lansweeper scans an asset, it will not always retrieve all information. As not all computer information changes often, Lansweeper uses scanned item intervals to determine which information needs to be refreshed at which time. I'd recommend checking the interval for Anti-virus scanning.

More information on how to configure scanned item intervals can be found in the below article.
https://www.lansweeper.c...pecific-data-is-scanned/
CVannest
#2CVannest Member Original Poster Posts: 17  
posted: 4/9/2020 2:54:33 PM(UTC)
Originally Posted by: Erik.T
Hi CVannest,

When Lansweeper scans an asset, it will not always retrieve all information. As not all computer information changes often, Lansweeper uses scanned item intervals to determine which information needs to be refreshed at which time. I'd recommend checking the interval for Anti-virus scanning.

More information on how to configure scanned item intervals can be found in the below article.
https://www.lansweeper.c...pecific-data-is-scanned/


I have AntiVirus Scanning interval set to 1.
Even if I manually rescan an item on the report, it still shows that our primary AV (Sophos) is enabled and up to date and the Windows Defender is Disabled and Outdated. Since Windows Defender is NOT in the list of AVs under Software/Anti-Virus Settings it SHOULD NOT be hitting on that. I deleted every device on the report earlier this week, and now I have 113 devices in there again. I have over 7000 PCs in the system, so why are 113 showing up on this report when they have fully updated and active Sophos AV?
Hendrik.VE
#3Hendrik.VE Member Posts: 41  
posted: 4/10/2020 1:25:10 PM(UTC)
Defender shows up because it is scanned through WMI. So even when you remove Defender from Software/Anti-Virus Settings, Lansweeper will still discover it as disabled and outdated.

Best you can do I think is exclude Defender from the report:

Code:
Select Top 1000000 tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAntivirus.DisplayName As Antivirus,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As Type,
  tblAssets.IPAddress As [IP Address],
  tblAssets.Description,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblAssetCustom.Location,
  tsysIPLocations.IPLocation,
  tblAssets.Lasttried,
  tblAssets.Firstseen,
  tblAssets.Lastseen
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblAntivirus On tblAssets.AssetID = tblAntivirus.AssetID
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where tblAntivirus.DisplayName Not Like '%Defender%'
  And tblAssetCustom.State = 1
  And tblAntivirus.productUpToDate = 0
Order By tblAssets.AssetName
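
A variation on the report above, added here as an example and not part of Hendrik.VE's post or of Lansweeper's built-in reports: instead of filtering on the product name, it lists an asset only when none of its scanned antivirus entries is up to date. It uses only the tables and columns that appear in the posted query; the subquery alias HealthyAV is a name chosen for this example.

```sql
-- Added example (not from the original thread).
-- Lists active assets for which NO scanned antivirus entry is up to date,
-- and shows each out-of-date product found on those assets.
Select Top 1000000 tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAntivirus.DisplayName As Antivirus,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As Type,
  tblAssets.IPAddress As [IP Address],
  tblAssets.Lasttried,
  tblAssets.Lastseen
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblAntivirus On tblAssets.AssetID = tblAntivirus.AssetID
Where tblAssetCustom.State = 1
  -- HealthyAV is a hypothetical alias: any antivirus row for the same asset
  -- that is flagged as up to date takes the asset off the report.
  And Not Exists (
    Select 1
    From tblAntivirus As HealthyAV
    Where HealthyAV.AssetID = tblAssets.AssetID
      And HealthyAV.productUpToDate = 1)
Order By tblAssets.AssetName,
  tblAntivirus.DisplayName
```

A PC with current Sophos and an outdated Defender entry drops off the report, while a PC whose only antivirus entry is an outdated Defender still appears, which the name-based exclusion would hide.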
CVannest
#4CVannest Member Original Poster Posts: 17  
posted: 4/10/2020 1:47:28 PM(UTC)
Thank you for the report. It's a much better view for Sophos!
