Hello,
FortiClient 6.2.3.0912 on a Windows 10 computer is configured through EMS.
I cannot activate Real time protection. The reason is quite clearly explained in the log:
06.02.2020 08:42:22 Information Config Third-Party AV (Trend Micro Security Agent, ) is installed. To avoid conflicts, scheduled AV scans will not be imported.
06.02.2020 08:42:22 Information Config Third-Party AV (Trend Micro Security Agent, ) is installed. To avoid conflicts, real-time AV will not be enabled.
06.02.2020 08:42:22 Error Config Error in importing module: xmlav
06.02.2020 08:42:22 Debug Config 'scan on registration' is disabled - delete 'on registration' vulnerability scan.
06.02.2020 08:42:22 Debug Config ImportConfig: tag <\forticlient_configuration\antiexploit\exclusion_applications> value is empty.
The problem is that I already uninstalled the Trend Micro Security Agent. I manually checked that all TM files are deleted from the disk. I manually checked that there are no TM keys in the registry. I checked if there are some running TM services. I have restarted my laptop several times. But whatever I tried, the Real time protection stays off.
Is there anything else that I can do?
Thanks!
Problem solved with help from Fortinet Support:
To narrow down the issue, we would need you to check how many antiviruses are registered with Windows Security Center. Please execute the query shown in the attached screenshot on the affected machine and send me the result. You can download Nirsoft SimpleWMIView at [1].
[1] https://www.nirsoft.net/utils/simple_wmi_view.html
WMI Namespace: root\SecurityCenter2
WMI Class/Query: AntivirusProduct
There I could see that Trend Micro Security Agent is still registered as AV.
Using wbemtest utility with Administrator privileges I was able to delete the Trend Micro entry.
• Click the Connect button
• Replace root\default with root\securitycenter2 and click Connect
• You will be returned to the original screen, now click the Enum Classes button, leave the Superclass info box that appears as is (empty) and click OK
• On the Query Results screen, click on Instances and delete appropriate entry
• Close the Query windows and exit wbemtest, reboot the box
All of this is correct except for deleting the Superclass for Antivirus. This causes all kinds of issues with Windows Virus & Threat Protection in Windows 10. The better way is, rather than clicking on Enum Class, to click on Enum Instance and put in "AntivirusProduct" in the superclass. This will give you the correct list of the AV products' UIDs.
Run the following in PowerShell to get the list with product names:
wmic /namespace:\\root\SecurityCenter2 PATH AntiVirusProduct get *
Then delete the entry in wbemtest that is for your old AV product, leaving the other entries intact.
Then reboot and the FortiClient will activate AV and run a scan.
I have the same problem but with ESET
I had this problem with Kaspersky Antivirus. I uninstalled, ran their uninstaller, and still SecurityCenter2 included an entry for the product. Support told me I'd have to work with Kaspersky. I found the above solution on my own and it resolved the issue.
Same as Deano, uninstalled Kaspersky Endpoint Security remained in Security Center. Here are the commands to find the product registration and remove it:
wmic /namespace:\\root\SecurityCenter2 PATH AntiVirusProduct get *
Copy the GUID from the above command and paste it into the below command:
wmic /namespace:\\root\SecurityCenter2 PATH AntiVirusProduct WHERE instanceGuid='{0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}' DELETE
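The leftover registration discussed in this thread can also be found with the CIM cmdlets. The script below is an added example, not code from any poster or from Fortinet: it reads the same root\SecurityCenter2 AntiVirusProduct instances and flags those whose registered executable is no longer on disk. The function names and the missing-executable heuristic are assumptions; removal needs an elevated session.

```powershell
# Added example: audit AV registrations in root\SecurityCenter2 and flag entries
# whose product executable is gone. Function names and the "Stale" heuristic are
# assumptions for illustration, not part of FortiClient or Windows.
function Get-StaleAvRegistration {
    [CmdletBinding()]
    param()

    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in $products) {
        # Registered paths may contain %ProgramFiles%-style variables; expand them first.
        $exe = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe)

        # Windows Defender registers a URI (windowsdefender://) rather than a file path,
        # so a URI or empty value is reported as "unknown" ($null), never as stale.
        $isUri  = $exe -match '^[a-z][a-z0-9+.-]*://'
        $exists = if ($isUri -or [string]::IsNullOrWhiteSpace($exe)) { $null }
                  else { Test-Path -LiteralPath $exe -PathType Leaf }

        [pscustomobject]@{
            DisplayName  = $p.displayName
            InstanceGuid = $p.instanceGuid
            ProductExe   = $exe
            ExeExists    = $exists
            Stale        = ($exists -eq $false)
        }
    }
}

function Remove-StaleAvRegistration {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$InstanceGuid)

    # Refuse to touch anything the audit did not flag, so a live AV entry is never deleted.
    $stale = Get-StaleAvRegistration | Where-Object { $_.Stale -and $_.InstanceGuid -eq $InstanceGuid }
    if (-not $stale) { throw "No stale registration with GUID $InstanceGuid; nothing removed." }

    if ($PSCmdlet.ShouldProcess($stale.DisplayName, 'Remove AntiVirusProduct registration')) {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
            Where-Object { $_.instanceGuid -eq $InstanceGuid } |
            Remove-CimInstance
    }
}

Get-StaleAvRegistration | Format-Table -AutoSize
```

Run `Remove-StaleAvRegistration -InstanceGuid '<GUID from the table>' -WhatIf` first to see which entry would be deleted, then repeat without `-WhatIf` and reboot.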