Kaseya Community

AV out-of-date flag

  • This might be the wrong forum for this, but does anyone know the registry entry or flag bits that tell Microsoft Security that an AV is off or out-of-date? I'm trying to do an out-of-date AV procedure, and checking the flag seemed to be the most straightforward way of doing it. I know that not all AV are supported for this check, but the ones I'm checking for are.

  • Sean, were you able to get anywhere with this? I'm curious too.

  • Try HKLM\SOFTWARE\Microsoft\SecurityCenter\AntiVirusDisableNotify

    and HKLM\SOFTWARE\Microsoft\SecurityCenter\AntiVirusOverride

  • I have used this on some computers, but as Sean has said, it only works for machines running Security Center.

    wmic /NAMESPACE:\\root\SecurityCenter PATH AntiVirusProduct GET * /value

    and

    wmic /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct GET * /value

    If the problem states are these then

    productState=262144 = Up to Date Defs, On Access Scanning OFF

    productState=266240 = Up to Date Defs, ON Access Scanning ON

  • @Lingario

    That is what I ended up doing, but slightly modified for pre-Vista machines.  Pre-Vista has 3 separate values that are later combined into the product state.  These are:

    root\SecurityCenter:AntiVirusProduct.displayName

    root\SecurityCenter:AntiVirusProduct.productUpToDate

    root\SecurityCenter:AntiVirusProduct.onAccessScanningEnabled

    This may sound odd, but I think the "true" value is -1.  I got this value using multiple up to date AVs.

    Also, those aren't the only product states I've run into for Vista and later. This is because some AVs don't have built-in automatic updates and some other features. I found a pretty descriptive article about how these values are obtained, and it has a list for some common product states.

    www.neophob.com/.../wmi-query-windows-securitycenter2

    Hope this helps.

  • Months ago now, you guys should try and use the search function before posting :P

    community.kaseya.com/.../1020.aspx

    FYI there are more productState codes than just "0 & -1" and "262144 & 266240"; it actually depends on the AV product that you are using...
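
Added example, not part of the thread: a Python parser for the `/value` output of the two wmic queries quoted above that flags products which are off or out of date, handling both the single productState (SecurityCenter2) and the separate pre-Vista booleans. The bit masks are an assumption taken from the commonly cited, not Microsoft-documented, productState layout and agree with the two values given in the thread; the sample output and product names are constructed.

```python
# Assumed layout (community-derived, not documented by Microsoft):
STATE_MASK, STATE_ON = 0xF000, 0x1000   # on-access scanning field
SIG_MASK, SIG_CURRENT = 0x00F0, 0x0000  # definitions field
TRUTHY = {"true", "-1", "1"}            # the thread reports -1 for "true"

# Constructed sample of `wmic ... GET * /value` output; names are made up.
SAMPLE = """
displayName=Example AV A
productState=266240

displayName=Example AV B
productState=262144

displayName=Example AV C
productState=266256

displayName=Legacy AV D
onAccessScanningEnabled=-1
productUpToDate=FALSE
"""

def parse_wmic_value(text):
    """Split /value output into one dict per AntiVirusProduct instance."""
    records, current = [], {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if not sep:
            continue              # blank line, or padding from wmic line endings
        if key in current:        # a repeated key starts the next instance
            records.append(current)
            current = {}
        current[key] = value
    return records + ([current] if current else [])

def av_status(rec):
    """Return (name, realtime_on, defs_current) for either namespace."""
    name = rec.get("displayName", "unknown")
    if "productState" in rec:     # SecurityCenter2 namespace (Vista and later)
        state = int(rec["productState"])
        return (name, (state & STATE_MASK) == STATE_ON,
                (state & SIG_MASK) == SIG_CURRENT)
    # SecurityCenter namespace (pre-Vista) exposes two separate booleans
    return (name, rec.get("onAccessScanningEnabled", "").lower() in TRUTHY,
            rec.get("productUpToDate", "").lower() in TRUTHY)

def needs_attention(text):
    """Names of products that are off or have out-of-date definitions."""
    return [n for n, on, cur in map(av_status, parse_wmic_value(text))
            if not (on and cur)]
```

Any productState whose scanning field is not exactly "on" (including values this layout does not name) is reported, so an unfamiliar vendor code fails toward being flagged rather than passing silently.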