So - what value are you query'ing for this?
Are you using SOFTWARE => APPLICATION SUITES => APPLICATION SUITE => "LANDesk(R) Antivirus" => Version ?
If so, then the version 184.108.40.206 is 100% correct (since it's the LANDesk 8.8 version of AV). This is information on the PACKAGE, not the binary itself.
If you want to monitor LDAV.EXE, you should be using something else
You should use either:
SOFTWARE => PACKAGE => LANDesk Antivirus Client => Version || (this reports on LDAV.EXE)
- or -
SOFTWARE => PACKAGE => LANDesk AV Service => Version || (this reports on AVSERVICE.EXE)
I'd also prefer moving this into the correct section ... it seems to me that this is more of a reporting issue than an AV issue per se - so I'll move this into the Reporting section (since you're trying to report on a single binary)...
LANDesk EMEA Technical Lead
Apologies for putting in the wrong area.
I have run the report based on ldav.exe and the results are still weird.
Some computers are showing 220.127.116.11 which is correct, and others are showing 18.104.22.168 which is wrong. I have browsed to the ldav.exe on several PC's and manually checked the ldav.exe and the file version shows 22.214.171.124 though LANDesk isn't picking this up.
What else can I try?
Not sure how you're getting a problem about stuff being mis-reported, that to me sounds like you're having problems with inventory.
What you CAN do is to create a custom vulnerability - checking simply that LDAV.EXE needs to be a version of 126.96.36.199 - and any devices that are "vulnerable" to that custom vulnerability would thus need to be patched up.
This will give you a quick chance to check up on things, independant of inventory (and a vulscan for "just custom vulnerabilities" will be a lot lighter on the network than a re-run of inventory to synch up).
That'll at least get you the result you need/want quickly.
For information on how to create custom vulnerabilities (just in case you're not familiar) - it's pretty easy stuff and a walkthrough can be found here:
Creating Custom Vulnerabilities LDMS 8.1:
Sample Custom Vulnerability XML exports:
and there's various other threads you can find by just searching for custom vulnerabilities.
LANDesk EMEA Technical Lead
Ultimately what are you trying to accomplish with your query?
If you are trying to see what clients have the old antivirus engine, and what clients have the new antivirus engine, here is a query you could try:
Write your query to return "Computer"."Security"."Antivirus Software"."Antivirus"."Engine Version"
If your query shows "188.8.131.52" you have the newer engine. If it shows "184.108.40.206" you have the older engine.
Three words................... YOU THE MAN!!
That is perfect. It appears that only 30 PC's have 88, and the rest have 95.
I actually just remembered, I created this article a week or so ago:
Hopefully someone else will find this useful. I didn't think to post it in the reporting section.
I'm glad that worked for you.