Several Agent are showing "AV Not Running" eventhough they have an active AV

ETC-DanielL
New here

Several Agent are showing "AV Not Running" eventhough they have an active AV

For quite some time now, Meraki MDM is showing "AV Not Running" on several Windows machines:

HP EliteBook (840 14 Inch G9) and Surface Laptops (3,4 and 5)

 

Would you be able to tell me if I'm the only one with these issues, is it a known issue? Have you been able to resolve it? support has not been able to help us with that so far.

 

I'll really appreciate your response on this.

 

Thanks

10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal

Have you tried downloading the latest mobileconfig MDM file from Meraki and reimporting it into the configurator?

This may not be the exact issue you’re facing. If it doesn’t resolve your issue, I recommend you open a  support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ETC-DanielL
New here

i thought the configurator was only for mac devices? could you please share some documentation on how to do that please?

 

i'll try that

alemabrahao
Kind of a big deal
Kind of a big deal

I'm sorry, you are correct, in this case I think the best thing is to contact support.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
CptnCrnch
Kind of a big deal
Kind of a big deal

What kind of Antivirus software is running on those machines?

ETC-DanielL
New here

Our entire AV protection is under CheckPoint Harmony Endpoint AV. weird enough some of them are marked as AV installed, some are NOT but all of them have the AV, from the AV portal site are all operational. i don't know if theres something to do with the type of machine (surface X and Hp EliteBook)

BlakeRichardson
Kind of a big deal
Kind of a big deal

@ETC-DanielL My guess is its either the version of OS or version of AV. I would open a support ticket and see if that AV software is compatible with systems manager

 

The documentation states this is how SM checks to see if AV software is installed.

 

Screenshot 2023-12-01 at 7.49.33 AM.png

 

https://documentation.meraki.com/SM/Tags_and_Policies/Security_Policies_in_Systems_Manager/Troublesh...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
ETC-DanielL
New here

Is so strange that all the other machines registered OK with that AV. The problem is with the ones in red.

 

For the last one I just completely removed and installed CheckPoint again and still shows as NO AV Running but registered the AV. 

 

ETCDanielL_2-1701371746567.png

 

Support have been engaged in the past for the same situation and were not able to help. that why I'm trying to check from other sources if anyone else has encounter this issue in the past.

 

ETC-DanielL
New here

And one of the commands for AV check is returning that checkpoint is present:

 

PS C:\WINDOWS\system32> Get-WmiObject -query "Select * from AntiVirusProduct" -Namespace "root\SecurityCenter2"


__GENUS : 2
__CLASS : AntiVirusProduct
__SUPERCLASS :
__DYNASTY : AntiVirusProduct
__RELPATH : AntiVirusProduct.instanceGuid="{5E1A3CFB-A963-5D99-A23F-7BA03B432F37}"
__PROPERTY_COUNT : 6
__DERIVATION : {}
__SERVER : x
__NAMESPACE : ROOT\SecurityCenter2
__PATH : \\x\ROOT\SecurityCenter2:AntiVirusProduct.instanceGuid="{5E1A3CFB-A963-5D99-A2
3F-7BA03B432F37}"
displayName : Check Point Anti-Malware
instanceGuid : {5E1A3CFB-A963-5D99-A23F-7BA03B432F37}
pathToSignedProductExe : C:\Program Files (x86)\CheckPoint\Endpoint Security\Anti-Malware\epam_cli.exe
pathToSignedReportingExe : C:\Program Files (x86)\CheckPoint\Endpoint Security\Anti-Malware\epam_svc.exe
productState : 266256
timestamp : Thu, 30 Nov 2023 18:59:04 GMT
PSComputerName : x

PhilipDAth
Kind of a big deal
Kind of a big deal

Have you got the Meraki Agent installed as well as the machine being MDM joined?

ETC-DanielL
New here

I found this ticket from some time ago from a colleague of mine who faced the same issue (Case 09389282 AV not Running 1) and it seems there's a general issue with this. I don't know if there's any from support here that can help me to know if this is 100% accurate and if there are any updates. 

 

ETCDanielL_1-1701446470127.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels