Hi all! I’m working to gather all the AV installed in the computers of my org. The problem is that I’m not being able to detect the AV installed on windows server. AFAIK, it’s a common issue due to security center problem in that OS. There is any workaround to detect installed AV and if it’s enabled ?

If it doesn't appear in Windows security center, then you would I suppose need to detect its autostart entry https://osquery.io/schema/5.10.2/#autoexec or if you know where its other registry keys are, checking those directly.

Thanks! I’ve also try to do the same with the service. The only thing it’s messing is that I’m not going to be able to detect if it’s enabled