Antivirus Enumeration

Command for Antivirus Enumeration

WMIC Command:

wmic /node:localhost /namespace:\\root\SecurityCenter2 path AntivirusProduct get displayName

Command Breakdown:

  • wmic: Windows Management Instrumentation Command-line tool.

  • /node:localhost: Specifies the target system (localhost refers to the current machine).

  • /namespace:\\root\SecurityCenter2: Specifies the WMI namespace containing antivirus product information. (Note: SecurityCenter2 is relevant for Windows Vista and later.)

  • path AntivirusProduct: Queries the AntivirusProduct class in the specified namespace.

  • get displayName: Requests the displayName property to list installed antivirus products.


Usage Instructions

  1. Open Command Prompt: Launch Command Prompt with administrative privileges.

  2. Execute the Command: Copy and paste the WMIC command into the Command Prompt and press Enter.

  3. View Results: The command will output a list of installed antivirus products.


Expected Output

Upon successful execution, the output will look similar to this:

DisplayName
------------
Windows Defender
Symantec Endpoint Protection

Additional Context

  • Importance: Enumerating antivirus products helps in:

    • Identifying potential security gaps.

    • Ensuring compliance with security policies.

    • Verifying the presence of malware protection.

  • Considerations:

    • Administrative Privileges: Required to run WMIC commands.

    • WMI Service: Ensure that the Windows Management Instrumentation (WMI) service is running on the machine.
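
The same inventory can be collected from PowerShell through CIM, which helps on hosts where the deprecated wmic tool is unavailable. The following is an added example, not part of the original page: the function name Get-AntivirusInventory is hypothetical, and the productState bit meanings used for the status columns are community-derived assumptions that Microsoft does not document.

```powershell
# Added example (not from the original page). Run locally in PowerShell.
function Get-AntivirusInventory {   # hypothetical helper name
    [CmdletBinding()]
    param()

    try {
        # Same namespace and class as the wmic command, queried through CIM.
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
            -ClassName 'AntiVirusProduct' -ErrorAction Stop
    }
    catch {
        # Typical causes: the WMI service is stopped, or the namespace is
        # absent because Windows Security Center is not present on this host.
        Write-Warning "SecurityCenter2 query failed: $($_.Exception.Message)"
        return
    }

    if (-not $products) {
        # An empty result is itself a finding: nothing is registered.
        Write-Warning 'No antivirus product is registered with Security Center.'
        return
    }

    foreach ($p in $products) {
        $state = [uint32]$p.productState
        [pscustomobject]@{
            DisplayName     = $p.displayName
            ProductStateHex = '0x{0:X6}' -f $state
            # ASSUMPTION: bit meanings are community-derived, undocumented.
            RealTimeEnabled = [bool]($state -band 0x1000)
            SignaturesStale = [bool]($state -band 0x10)
            ReportingExe    = $p.pathToSignedReportingExe
        }
    }
}

Get-AntivirusInventory | Format-Table -AutoSize
```

A product that is listed but shows RealTimeEnabled as False, or SignaturesStale as True, is installed without providing current protection, which a displayName-only listing does not reveal.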

