sporritt Posted May 23, 2011 Report Posted May 23, 2011 In one of our environments we have about 1900 desktops, and about 690 of them are reporting that there is no AV installed (McAfee VSE 8.7i) and windows updates are disabled. They are identical PC's (Dell's) running windows XP SP3 deployed from WDS and are on an AD domain. I can get samples from computers in the same OU under the same policy and some update this section correct and some dont. There is no difference between them either physically or in the software they have installed. The firewall on all desktops is disabled via GPO and I can scan them manually and I have it setup with a login script to scan when users login and that also works fine. You can see from the report that it can see that McAfee is installed, and yet it reports that it has no AV. Looking for any sort of common thread to try and narrow down why it would be reporting this. Suggestions appreciated. Quote
Support Posted May 25, 2011 Report Posted May 25, 2011 Steve, Please send us the XML files for the two identical computers from the same OU, one that is reporting fine and another that is not, to our email for analysis. Quote
sporritt Posted May 26, 2011 Author Report Posted May 26, 2011 Steve, Please send us the XML files for the two identical computers from the same OU, one that is reporting fine and another that is not, to our email for analysis. Ok I believe I have actually found part of the issue I have checked about 40 systems now, and every system not reporting AV being present is running McAfee VSE 8.7i patch 3. Currently our systems are split between patch 2 and patch 3, although current latest version is patch 5. I tried two tests with interesting results. 1. I upgraded one of the systems reporting AV to TNI correctly from patch 2 to patch 5. It continues to report correctly after a rescan. 2. I upgraded one of the systems not reporting correctly from patch 3 to patch 5, and it continues to fail to report correctly. I have sent through two xml files for the two machines I updated in the testing above to the email address as requested. Quote
Support Posted May 30, 2011 Report Posted May 30, 2011 This doesn't seem like a TNI issue. The appropriate classes in the security namespace are just absent in one of the files that you've sent us. I can't say for sure what causes similar systems to behave differently. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.