Time taken to update anti-virus status

Options
brendan.richman
brendan.richman Member Posts: 15
in Remote Monitoring

I had ESET installed on a device, and uninstalled it - I expected the status on the device agent page to remove ESET and replace it with Windows Defender. It has put Windows Defender alongside ESET, but ESET is still there.

I reached out to support who advised me that it could take up to 2 weeks for this information to update, as per their KB https://support.atera.com/hc/en-us/articles/115008165547-Alert-Time-Intervals which sounds like an oddly long amount of time just to update the anti-virus installation status.

I did try and set the frequency manually, but it hasn't made a difference as far as I can tell.

Anything else I could try to force it to update and show the correct information?

Comments

  • mjones
    mjones Member Posts: 138 ✭✭✭✭
    Options

    I have received alerts within seconds of uninstalling ESET that the service was missing or stopped.

    Have you run the ESET removal tool ?
    Could be detecting some leftover bits.

    On a maybe related note, the detection rules seem different for Servers and Workstations

    Workstation

    Machine 1

    Server

    image.png

  • frank.pietersma
    frank.pietersma Member Posts: 78 ✭✭✭
    Options

    When Eset, or any other AV is removed some remnants stay behind in Windows. The information is still in the WMI repository. When queried bij Atera it still shows the old AV even-though it is removed properly.

    To view Which AV's are in the WMI repository run this powershell command:

    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct

    To remove the wrong information from WMI you just have to reset the repository, After the next reboot it will show the right information. To reset WMI use the following commands from a Command prompt:

    net stop winmgmt /y
    winmgmt /resetrepository
    net start winmgmt
    net start "ip helper"

    This should do the trick!

Topics