Identifying Installed Antivirus Product

by Sep 3, 2020

A PowerShell one-liner can help you identify the antivirus product installed on a Windows box:

PS> Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct 

Add the -ComputerName parameter to query remote systems.

Note that this line returns only antivirus products that properly registered. The result looks similar to this and provides you with AV product and install location:

displayName              : Windows Defender
instanceGuid             : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe   : windowsdefender://
pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe
productState             : 397568
timestamp                : Wed, 29 Jul 2020 18:37:24 GMT

Twitter This Tip! ReTweet this Tip!