It is vital for our partners that Datto RMM provides accurate information about their managed endpoints' antivirus status. Datto RMM's universal antivirus detection allows an endpoint to report the name and status of its antivirus product. The antivirus information is presented on the Device Summary page under the Status section. The data is also used in monitoring, filters and columns, on the Site Summary page, and in reports.
Datto RMM stores one antivirus product offering the highest level of protection per device. The table below lists the antivirus products that are natively detected by Datto RMM on Windows or macOS devices. The table also contains information on whether the product can be downloaded as a pre-packaged component from the ComStore, as well as a link to the vendor's website for more information about the antivirus solution.
|Antivirus Product||Windows||macOS||ComStore||More Information|
|Avast Antivirus (from Windows 7 onward)||Avast|
|Avast Business Antivirus (from Windows Server 2012 onward)||Avast|
|Bitdefender Endpoint Security||Bitdefender|
|ESET Endpoint Antivirus||ESET|
|Kaspersky Endpoint Security||Kaspersky|
|Kaspersky Security for Windows Server (from Windows Server 2012 onward)||Kaspersky|
|McAfee Endpoint Security||McAfee|
|McAfee VirusScan Enterprise||McAfee|
|Panda Endpoint Protection||Panda|
|Symantec Endpoint Protection||Symantec|
|System Center Endpoint Protection (On Windows 7 and Windows Server 2012. On Windows Server 2016, it is detected as Windows Defender Antivirus.)||Microsoft|
|Trend Micro Worry-Free Business Security||Trend Micro|
|Windows Defender Antivirus (from Windows 8 onward)||Microsoft|
Please note that Datto RMM only supports the antivirus suites listed above. If a server variant, for example, is not listed, it is not supported.
When no antivirus product is detected on workstations running Windows Vista and above, the Agent will use the Windows Security Center information. Windows Server does not support this facility.
The protection level is based on whether the antivirus product is detected, running, and/or up to date. The order of protection level (from highest to lowest) is defined in the following way:
|Running & up-to-date|
|Running & not up-to-date|
A device's antivirus status is updated every 60 seconds if different from the previous status.
Updates older than three days are considered out of date.
Antivirus status override file
In the case of macOS and Linux devices or when the antivirus product is not natively detected, you can use an antivirus status override file to update the device's antivirus status. The file must be JSON in the following format:
Create the file and store it in the following location:
You can write a custom component monitor to perform the necessary checks and update the override file. The Datto RMM Agent monitors the override file location and if it detects a change, it will pass the information to the Web Portal where it will be available for device and site summary, filters, reports, and alerting as well.
Ensure that any variables used in the override file are formatted correctly, as the parsing of the JSON file is case-sensitive. In PowerShell, for example, if you use a variable of format
$false rather than the string "true" or "false", the override will fail since the returned values of
$false equate to “True” and “False” (capital initials), respectively.
The override file must not be older than seven days. If the file was last modified more than seven days ago, it will be deleted.
Antivirus engine log entries
The antivirus engine log entries are found in the following location:
Antivirus Status Monitor
The Antivirus Status Monitor can alert when no antivirus product has been detected or when it is not up to date or not running. Refer to Antivirus Status Monitor.
Antivirus filters and columns
You can choose the Antivirus Product and Antivirus Status columns from the column chooser in any device list. Additionally, the same filter criteria are available when creating a filter.
Site Summary and reporting
|Need to troubleshoot this? Open the Datto Knowledge Base.|
|Want to talk about it? Head on over to our Community Forum!|
|Forward this topic to others.|
|Provide feedback for the Documentation team|