Issue: Devices in "Computers not Recently Reporting Antivirus Configuration and Status"

Version 3

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x


    When gathering reports in Security Activity you may run across a field "Computers Not Recently Reporting Antivirus Configuration and Status" and this has an alarming amount of clients that have populated. This refers to the last scan date your Antivirus definitions located in Patch and Compliance. This is not to be confused with Antivirus pattern files that contain detection logic for detecting and removing viruses.



    This information is generated when clients are not scanning AV definitions that are located in Patch and Compliance under the Antivirus type. An example of this would be the definition "AV-100". This issue can occur even when those definitions are not present on the core.



    Doing a Scan for AV definitions clears clients from that area will remove those clients from that list, this can be accomplished one of two ways.


    Method 1: Change your Distribution and Patch settings to scan for Antivirus Updates


    1. Locate the Patch and Distribution setting the clients are using located in your agent settings.
    2. In the setting, on the left side look for and select "Scan options."
    3. While having the "Type" radio button selected locate and select the check box labeled "Anitvirus updates."
    4. Save your settings.


    The next time a client that uses those settings runs a Vulscan it will pull the updated setting down and apply it. Once a Vulscan with those applied settings runs on the client(s) in Security Activity should disappear.

    If a Distribution and Patch setting is set to scan for a group a new setting will need to be made and periodically scan to keep the information for showing up again in Security Activity.

    Method 2: Run a local Vulscan with a "/scan=8" switch

    1. One the local box do a start menu search "run"
    2. Type in the following command "Vulscan /scan=8"

    You can add /showui to the command so it generates a UI to show it's progress