Security Assessment - Details for AV collection
Servers
Below is the list of AV products that Network Assessment currently detects on Windows Server devices, along with the registry key used to detect each product:
Product | Registry Key |
Symantec Endpoint Protection | HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection |
Sophos Server Protection | HKLM\SOFTWARE\Sophos |
Sophos Server Protection (32bit) | HKLM\SOFTWARE\Wow6432Node\Sophos |
Avast Business Security | HKLM\SOFTWARE\AVAST Software\Avast |
Avast Endpoint Protection Suite | HKLM\SOFTWARE\WOW6432Node\AVAST Software\Avast |
AVG CloudCare | HKLM\SOFTWARE\AVG |
Kaspersky Total Security For Business | HKLM\SOFTWARE\Wow6432Node\KasperskyLab |
G DATA Security | HKLM\SOFTWARE\G DATA\AVKWaechter |
Bitdefender Endpoint Security | HKLM\SOFTWARE\Bitdefender\Endpoint Security |
McAfee Endpoint Security | HKLM\SOFTWARE\McAfee\Agent |
Trend Micro Worry-Free Business Security | HKLM\SOFTWARE\TrendMicro |
ESET Security | HKLM\SOFTWARE\ESET\ESET Security |
F-Secure Server Security | HKLM\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\DAAS2 |
Workstations
For workstations, we use the following WMI class to collect the installed antivirus software.
Namespace | Class |
root/SecurityCenter2 | AntivirusProduct |
You can query the WMI class in PowerShell using the following command
|
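The following PowerShell is an added example, not the product's own collection code. It applies both detection methods described on this page: the listed registry keys on server editions and the `AntivirusProduct` class on workstations. The function name `Get-InstalledAvProduct`, the use of `Win32_OperatingSystem.ProductType` to tell the two apart, and the output fields are assumptions made for illustration.

```powershell
# Added example, not the assessment tool's own code.
# Registry keys are copied from the Servers table on this page.
$ServerAvKeys = [ordered]@{
    'Symantec Endpoint Protection'             = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection'
    'Sophos Server Protection'                 = 'HKLM:\SOFTWARE\Sophos'
    'Sophos Server Protection (32bit)'         = 'HKLM:\SOFTWARE\Wow6432Node\Sophos'
    'Avast Business Security'                  = 'HKLM:\SOFTWARE\AVAST Software\Avast'
    'Avast Endpoint Protection Suite'          = 'HKLM:\SOFTWARE\WOW6432Node\AVAST Software\Avast'
    'AVG CloudCare'                            = 'HKLM:\SOFTWARE\AVG'
    'Kaspersky Total Security For Business'    = 'HKLM:\SOFTWARE\Wow6432Node\KasperskyLab'
    'G DATA Security'                          = 'HKLM:\SOFTWARE\G DATA\AVKWaechter'
    'Bitdefender Endpoint Security'            = 'HKLM:\SOFTWARE\Bitdefender\Endpoint Security'
    'McAfee Endpoint Security'                 = 'HKLM:\SOFTWARE\McAfee\Agent'
    'Trend Micro Worry-Free Business Security' = 'HKLM:\SOFTWARE\TrendMicro'
    'ESET Security'                            = 'HKLM:\SOFTWARE\ESET\ESET Security'
    'F-Secure Server Security'                 = 'HKLM:\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\DAAS2'
}

function Get-InstalledAvProduct {  # hypothetical helper name
    [CmdletBinding()]
    param()
    # ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if ($os.ProductType -eq 1) {
        # Workstations: read the products registered in root/SecurityCenter2
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntivirusProduct |
            ForEach-Object {
                [pscustomobject]@{
                    Product  = $_.displayName
                    Source   = 'WMI'
                    Evidence = $_.pathToSignedProductExe
                }
            }
    } else {
        # Servers: report every product whose registry key exists
        foreach ($entry in $ServerAvKeys.GetEnumerator()) {
            if (Test-Path -LiteralPath $entry.Value) {
                [pscustomobject]@{ Product = $entry.Key; Source = 'Registry'; Evidence = $entry.Value }
            }
        }
    }
}

Get-InstalledAvProduct | Format-Table -AutoSize
```

A registry match only shows that the key exists, so a key left behind by an uninstalled product will still be reported; confirm against the product's service or agent status before treating the server as protected.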