Skip to main content
Barracuda MSP Partner Toolkit

Security Assessment - Details for AV collection

Servers

Below is the list of AV products that Network Assessment currently detect in Windows Server Device and the registry keys that are used to detect the existence of the AV product:

Product Registry Key
Symantec Endpoint Protection HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection
Sophos Server Protection HKLM\SOFTWARE\Sophos
Sophos Server Protection(32bit) HKLM\SOFTWARE\Wow6432Node\Sophos
Avast Business Security HKLM\SOFTWARE\AVAST Software\Avast
Avast Endpoint protection Suite HKLM\SOFTWARE\WOW6432Node\AVAST Software\Avast
AVG CloudCare HKLM\SOFTWARE\AVG
Kaspersky Total Security For Business HKLM\SOFTWARE\Wow6432Node\KasperskyLab
G DATA Security HKLM\SOFTWARE\G DATA\AVKWaechter
Bitdefender Endpoint Security HKLM\SOFTWARE\Bitdefender\Endpoint Security
McAfee Endpoint Security HKLM\SOFTWARE\McAfee\Agent
Trend Micro Worry-Free Business Security HKLM\SOFTWARE\TrendMicro
ESET Security HKLM\SOFTWARE\ESET\ESET Security
F-Secure Server Security HKLM\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\DAAS2

Workstations

For workstations, we use the following WMI class to collect installed AntiVirus software.

Namespace Class
root/SecurityCenter2 AntivirusProduct

You can query the WMI class in PowerShell using the following command

Get-WmiObject AntivirusProduct -namespace root/SecurityCenter2  `

select displayName,instanceGuid,pathToSignedProductExe,pathToSignedReportingExe,productState,timestamp,PSComputerName

  • Was this article helpful?