Overview

You are receiving Malware Protection Vulnerability "Antispyware/antivirus real time protection is disabled" for some of your endpoints. Windows Defender is indeed disabled on endpoints; however, there is another antivirus installed and enabled.

Solution

The possible reasons for this issue are LanGuard not recognizing the installed third-party antivirus software, an incorrect Scanning Profile configuration, Agent corruption, communication issues, or other requirements not being met.

1. Ensure that the antispyware/antivirus software installed is recognized by LanGuard or classified manually as antispyware, antivirus, or another security category.
2. If you are not using Agents, verify that the Scanning Profile used is configured correctly.
3. If the results are coming from the Agent scans, try scanning the endpoint from the console instead. Once the scan completes, check whether the issue is present. If the results are correct, this indicates a problem with an Agent installation, and it has to be reinstalled:
   1. Manually remove the agent from the target machine, then reboot it.
   2. Go back to the LanGuard console and uninstall the agent from there as well since the console won't be aware that it's been removed from the target.
   3. Once the uninstallation completes, restart the GFI Attendant service on the LanGuard server.
   4. Finally, redeploy the agent to the target machine from the console.
4. If the issue persists, that may be caused by environmental variables. Ensure AV/Firewall Exceptions are correctly set up, and all the ports and protocols used by LanGuard are excluded.

Note: as a quick workaround you can always acknowledge/ignore this vulnerability.

Testing

Run a Full scan and verify the results. If the issue persists, contact GFI LanGuard Support, gathering and submitting the following:

• Logs from the LanGuard server
• Logs from one affected machine
• Scan results from the same machine