Description
This article describes the situation where a third-party antivirus application has been uninstalled from an endpoint but FortiClient still detects it.
Scope
FortiClient
Solution
FortiClient queries Windows Security Center to determine whether any third-party antivirus software is installed. If it detects a third-party antivirus application, Realtime protection is disabled.
Follow the steps below to remove a third-party antivirus record from Windows Security Center:
Run Windows PowerShell as administrator and execute the command below to obtain the antivirus product name and instanceGuid, which are needed in the second step to identify the record to remove:
gwmi -Namespace root\securitycenter2 -Class AntivirusProduct

In this example, a third-party antivirus product is recorded in Windows Security Center.
To remove the AVG Antivirus record, there are two options:
Option 1: Using PowerShell, execute the command below:
Get-WmiObject -ClassName 'AntivirusProduct' -NameSpace 'root\securityCenter2' | Where-Object {$_.instanceGuid -Match '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}'} | Remove-WmiObject
(*) Where {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} is the instanceGuid of AVG Antivirus
Option 2: Using WBEMTEST
Go to Start -> search for 'wbemtest' and run it as administrator.
Select the 'Connect…' button:

Fill in namespace 'root/securitycenter2' and select 'Connect':


Select the 'Query…' button, enter the query 'SELECT * from Antivirusproduct' and select 'Apply'.


The query results show the instanceGuid of Windows Defender, FortiClient and AVG Antivirus. Identify the instanceGuid of the record to remove and select the 'Delete' button to remove it from Windows Security Center.
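A scripted form of step 1 and Option 1, added here as an example and not taken from the Fortinet article: it lists each Security Center antivirus record, checks whether the registered executable still exists on disk, and deletes only the record whose instanceGuid matches exactly. The -Remove switch, the $TargetGuid parameter and the rule that a missing executable marks a leftover record are assumptions of this example.

```powershell
# Added example (not Fortinet's code). Save as a .ps1 file and run it from an elevated prompt.
param(
    # Placeholder: paste the instanceGuid obtained in step 1
    [string]$TargetGuid = '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}',
    # Without -Remove the script only reports what would be deleted
    [switch]$Remove
)

$products = @(Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName 'AntivirusProduct')

# Report every registered product and whether its registered executable is still on disk
$report = foreach ($p in $products) {
    $exe = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe)
    # Only plain drive-letter paths are checked; URI-style values are left undetermined ($null)
    $onDisk = if ($exe -match '^[A-Za-z]:\\') { Test-Path -LiteralPath $exe -PathType Leaf } else { $null }
    [pscustomobject]@{
        DisplayName  = $p.displayName
        InstanceGuid = $p.instanceGuid
        ProductExe   = $exe
        ExeOnDisk    = $onDisk
    }
}
$report | Format-Table -AutoSize | Out-Host

# Exact comparison, so only the one intended record can be selected
$target = @($products | Where-Object { $_.instanceGuid -eq $TargetGuid })
if ($target.Count -ne 1) {
    Write-Warning "Expected exactly one record for $TargetGuid, found $($target.Count). Nothing removed."
    return
}

$row = $report | Where-Object { $_.InstanceGuid -eq $TargetGuid }
if ($row.ExeOnDisk -ne $false) {
    # $true = product still installed; $null = could not be verified
    Write-Warning "'$($row.DisplayName)' does not look like a leftover record. Nothing removed."
    return
}

# -WhatIf stays on unless -Remove was passed
$target | Remove-CimInstance -WhatIf:(-not $Remove)
```

Run it once without -Remove to review the table and the WhatIf output, then again with -Remove to delete the record.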