Description
This article describes how the ZTNA rule type "Antivirus software" determines the running state of the installed AV, and gives troubleshooting steps for possible stale entry records.
Scope
FortiClient, ZTNA
Solution
To check the FortiClient AV status and up-to-date status for specific ZTNA tags, use the following PowerShell command:
Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct | Format-List *
This query returns the AV products registered with the Windows Security Center (WSC) on the corresponding machine.
FortiClient reads the running state of the installed AV from the first entry in the row. The product state value in this example shows that FortiClient is enabled and the antivirus signature is up-to-date:
266240 --> 1000001000000000000
The following other states may also be encountered:
FortiClient will read the status from the product state.
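The following added example (not part of the original article and not Fortinet code) decodes the productState value into the enabled and up-to-date flags discussed above. The helper name ConvertFrom-ProductState is hypothetical, and the byte layout is the commonly used community interpretation of this field, which Microsoft does not document, so treat it as an assumption.

```powershell
# Added example: decode the WSC productState bitmask that FortiClient reads.
# Assumption: middle byte carries the engine state (0x10 = on), low byte
# carries the signature state (0x10 = out of date). This layout is not
# published by Microsoft.
function ConvertFrom-ProductState {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [long]$ProductState,

        [Parameter(ValueFromPipelineByPropertyName)]
        [string]$DisplayName = '(sample)'
    )
    process {
        $stateByte = ($ProductState -shr 8) -band 0xFF   # engine on/off
        $sigByte   = $ProductState -band 0xFF            # signature freshness

        [pscustomobject]@{
            DisplayName  = $DisplayName
            ProductState = $ProductState
            Hex          = '0x{0:X6}' -f $ProductState
            Binary       = [Convert]::ToString($ProductState, 2)
            Enabled      = [bool]($stateByte -band 0x10)
            UpToDate     = -not [bool]($sigByte -band 0x10)
        }
    }
}

# 266240 is the value from the article; the other two are constructed
# samples (engine off, and engine on with outdated signatures).
266240, 262144, 266256 |
    ForEach-Object { ConvertFrom-ProductState -ProductState $_ } |
    Format-Table -AutoSize

# Live data on a Windows client (namespace and class as in the article).
# Entries are listed in the order WSC returns them, so a stale record in
# the first position is easy to spot:
# Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
#     ConvertFrom-ProductState | Format-Table -AutoSize
```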
If third-party software is not reporting correct information to the Windows Security Center, confirm with the AV provider whether updates are sent to the Windows Security Center.
If multiple stale entries exist under the Security Center, check the following sample and clear the entries.
Open run (Windows Key + R) with administrator privileges:
Alternatively, open the CLI and run the following:
runas /user:computername\Administrator WBEMTEST.exe
The namespace is the same as the one used in PowerShell:
Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct | Format-List *
Select Query:
SELECT * from Antivirusproduct or Antivirusproduct2
This depends on what was observed under __CLASS.
In this way, entries can be cleared from the Windows Security Center.
If issues are still observed after the provided steps, a support ticket can be created to troubleshoot further details.
Copyright 2024 Fortinet, Inc. All Rights Reserved.