1

I have been using WMI to retrieve the antivirus/antispyware/firewall products registered in the Windows Security Center. Since last month duplicate entries for ESET Internet Security started showing up (since v12.2.29). Somebody else said it also happened with McAfee.

ESET said that since Windows 8, WMI should not be used to check this as there is new API made specifically for this. Apparently this is IWscProduct, which indeed does not seem to report the duplicates.

But I want to know if WMI can still be used as well, as this is required for pre-Win8 and I have not seen any reports that it shouldn't be used in Win8+ anymore.

To test, use this command line to check the installed antivirus products: WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get /Format:List

And this is what it outputs on my computer:

displayName=Windows Defender
instanceGuid={D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe=windowsdefender://
pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
productState=393472
timestamp=Fri, 11 Oct 2019 16:09:34 GMT

displayName=ESET Security
instanceGuid={885D845F-AF19-0124-FECE-FFF49D00F440}
pathToSignedProductExe=C:\Program Files\ESET\ESET Security\ecmds.exe
pathToSignedReportingExe=C:\Program Files\ESET\ESET Security\ekrn.exe
productState=266240
timestamp=Mon, 11 Nov 2019 08:20:20 GMT

displayName=ESET Security
instanceGuid={EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
pathToSignedProductExe=C:\Program Files\ESET\ESET Security\ecmds.exe
pathToSignedReportingExe=C:\Program Files\ESET\ESET Security\ekrn.exe
productState=266240
timestamp=Wed, 02 Oct 2019 07:08:22 GMT

Windows Defender is disabled and as you can see, the second ESET entry has not been touched for over a month now.

Now my questions are:

  1. Can WMI(C) still be used to query the Windows Security Center in Win8+?
  2. If not, has anybody seen any reports/warnings about this?
  3. Or is this a Microsoft bug?
  4. Or is ESET (and McAfee?) doing something wrong (registering a new version without deregistering the old one)?

Any help is much appreciated.

Arnoud Klaren
  • 93
  • 1
  • 9
  • you probably have updated Eset to a newer version. I suppose this is an error caused by the installer. – Paweł Piwowar Nov 26 '19 at 20:51
  • That's what I thought, but when I informed them, they told me that I shouldn't use WMI for this anymore. Hence my 4 questions. – Arnoud Klaren Nov 27 '19 at 21:22
  • It looks like McAfee indeed has/had the same problem (see https://community.mcafee.com/t5/Endpoint-Security-ENS/Windows-10-fails-to-detect-McAfee-ENS-10-6-1-running-and-Windows/m-p/637450/highlight/true#M5599). I will refer them to this post. – Arnoud Klaren Nov 27 '19 at 21:25
  • I am still facing this issue. The IWscProduct interface is only available in C++ and I need it in VB.NET. Anyone? – Arnoud Klaren Oct 30 '20 at 15:38
  • @ArnoudKlaren So what did they suggested to use? – Mahmood Jenami Jul 08 '21 at 04:45

0 Answers0