FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
jkoay
Staff
Staff
Article Id 197966
Description
This article describes the situation where Third party Antivirus application had been uninstalled from endpoint but FortiClient is still detecting it

Solution
FortiClient queries Windows Security Center to determine for any third Antivirus software installed and if it detects a third party Antivirus application, realtime protection will be disabled.

Follow steps below to remove any third party Antivirus from Windows Security Center record:

1) Run Windows PowerShell as administrator and execute command below to obtain Antivirus product name and InstanceGuid which will be useful for the 2nd step to identify record that we would like to remove:
gwmi -Namespace root\securitycenter2 -Class AntivirusProduct






In the screenshot above, there is a 3rd party Antivirus software recorded in Windows Security Center.

2) To remove the AVG Antivirus record, go to Start -> Search for ‘wbemtest’ and run as administrator.

Select the 'Connect…' button:



Fill in namespace 'root/securitycenter2' and select 'Connect':






Select 'Query…' button, execute command 'SELECT * from Antivirusproduct' and select 'Apply'.





Query results show Windows Defender, FortiClient and AVG Antivirus instanceGuid.
Identify the instanceGuid, select 'Delete' button to remove record from Windows Security Center.

Contributors