2 Replies Latest reply on Aug 12, 2013 1:24 PM by bsod

    Reporting on Antivirus status

    bsod

      Is there a way to do it that I'm not seeing?  I know all Windows Security Center the information is availible via WMI.  Windows Security Center: Fooling WMI Consumers | OPSWAT Blog

      I'm currently trying to write a script to report Antivirus Product, Version, and Update Status for our domain.  I was thinking this would be a very handy report in SWPM.  I didn't see where I could generate a report on all computers that a program is NOT installed on either.

       

      - Joe

        • Re: Reporting on Antivirus status
          Lawrence Garvin

          Greetings Joe

           

          The information from the Windows Security Center is not currently available via the Patch Manager inventory functionality.

          Sounds like a great feature request.

           

          One way you can obtain installation state information on installed AV products is via the Installed Software inventory. While it does require that you have some methodology for identifying the specific products of interest, it is fairly easy to customize the stock Installed Software report to show only installed anti-virus/anti-malware products.

           

          However, there is no possible way to generate a report on products that are NOT installed on a machine, because the inventory only works from what is actually installed. To develop a report based on missing data, you can to export the list of machines where the product is installed to another database and then do an outer join with the complete list of systems to identify the missing systems in the installation report, or export the installed software report to Excel and use that as a VLOOKUP source to a column in a worksheet with the complete list of systems. The systems with no found vlookup value would be the systems lacking the software.

          • Re: Reporting on Antivirus status
            bsod

            "However, there is no possible way to generate a report on products that are NOT installed on a machine, because the inventory only works from what is actually installed."

             

            I have a report that finds any program on any computer using a partial match of the program name.  I had a brain cramp and made it a NOT rule, then seatched for Sophos.   Sure enough, it showed me everything that was NOT Sophos.  Not very helpful.   I will make it a feature request and include a few links to where the info is at in WMI.  Thanks Lawrence!

            - Joe