By default, Lansweeper includes a number of reports that provide information on your Windows computers' anti-virus setup, to help you identify vulnerabilities in your network. These reports can be found in the Reports menu of the web console. An individual computer's anti-virus information can also be found in the Summary and Software\Antivirus tabs of the computer's Lansweeper webpage. Lansweeper can detect both whether a Windows computer has anti-virus software installed and what the status of the anti-virus software is. This article explains how anti-virus detection works and how you can customize it.
Anti-virus status detection: enabled/disabled and up-to-date/out-of-date
Lansweeper pulls most Windows computer data from WMI (Windows Management Instrumentation), a management framework built into Windows operating systems. An anti-virus software's status is pulled from the AntiVirusProduct WMI class, found in the \root\SecurityCenter or \root\SecurityCenter2 (Windows Security Center) namespace. WMI stores bit (SecurityCenter) or hexadecimal (SecurityCenter2) values indicating whether the anti-virus software is enabled/disabled and up-to-date/out-of-date. Hex values are converted by Lansweeper to bit values as well. A value of 0 means that the anti-virus software is disabled/out-of-date; a value of 1 means that the anti-virus software is enabled/up-to-date.
Lansweeper uses two methods for detection of installed anti-virus software:
- It pulls data from the AntiVirusProduct WMI (Windows Management Instrumentation) class, found in the \root\SecurityCenter or \root\SecurityCenter2 (Windows Security Center) namespace. In the Software\Antivirus tab of individual computer webpages, you can identify anti-virus records pulled from WMI by the little "bug" icon.
- It looks at the software list in the Software tab of a computer's webpage (which mimics Add/Remove Programs) and verifies whether an installed software package is part of the list of known anti-virus software found in the web console under Software\Anti-Virus Settings. If a software package listed in a computer's Software tab is part of the list of known anti-virus software, the computer is deemed to have anti-virus software installed.If neither method finds anti-virus software on a machine, but the machine does have anti-virus software installed, you can try:
• If the software is listed in the Software tab of the machine's Lansweeper webpage, adding it to the list of known anti-virus software under Software\Anti-Virus Settings.
• Rebuilding the AntiVirusProduct WMI class.You can use the following as a wildcard under Software\Anti-Virus Settings: %
• Avira% marks any software whose name starts with the word "Avira" as anti-virus.
• %Avira marks any software whose name ends in the word "Avira" as anti-virus.
• %Avira% marks any software whose name contains the word "Avira" as anti-virus.