‎11-18-2014 04:17 PM - last edited on ‎07-05-2023 09:20 AM by ErikT
The below script will clear the anti-virus WMI class in the SecurityCenter or SecurityCenter2 namespace, depending on the Windows OS. After a reboot of the client machine, WMI will rebuild this class.
If you're running this script as a deployment package:
On Error Resume Next

' Read the OS version string from "ver" to decide which namespace to use.
Set shell = CreateObject("WScript.Shell")
Set getOSVersion = shell.exec("%comspec% /c ver")
version = getOSVersion.stdout.readall

Select Case True
    Case InStr(version, "n 5.") > 1 : GetOS = 0 'Windows XP
    Case InStr(version, "n 6.") > 1 : GetOS = 1 'Windows Vista, 7, 8, 8.1
    Case InStr(version, "n 10.") > 1 : GetOS = 1 'Windows 10
    Case Else : GetOS = -1
End Select

strComputer = "."

' Windows XP: delete every AntiVirusProduct instance in root\SecurityCenter.
If GetOS = 0 Then
    Set oWMI = GetObject( _
        "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter")
    Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
    For Each objItem In colItems
        objItem.Delete_
    Next
End If

' Windows Vista and later: same deletion in root\SecurityCenter2.
If GetOS = 1 Then
    Set oWMI = GetObject( _
        "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter2")
    Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
    For Each objItem In colItems
        objItem.Delete_
    Next
End If
‎08-16-2024 07:51 PM
Hello,
I used this package for deployment, but below are the validations and the script.vbs to fix this AV issue.
Correction address:
Validation 1
Stop the service, remove or rename the folder, and start the service.
net stop winmgmt /y
ren %windir%\System32\wbem\Repository Repository.old
net start winmgmt
The device needs to be restarted to normalize the registry.
Validation 2
Manual - run wbemtest in cmd
Connect to the namespace root\SecurityCenter2
Enumerate the superclass instance AntivirusProduct
Remove the registry {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
There is a script below in VBS that allows deletion by searching for the AV name.
strPC = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strPC & "\root\SecurityCenter2")
Set colAV = objWMIService.ExecQuery("Select * from AntiVirusProduct")

' Delete only the instances whose display name contains the given text.
' "AV Name" is a placeholder for the product name to search for.
For Each objItem In colAV
    If InStr(objItem.displayName, "AV Name") > 0 Then
        objItem.Delete_
    End If
Next
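A read-only check to run before either deletion script above, as an added example that is not part of the original posts: it lists each AntiVirusProduct registration in root\SecurityCenter2 and reports whether the registered product executable still exists on disk. Treating a missing executable as a sign of a stale entry is an assumption of this example, not something the posts state.

```vbscript
' Added example: read-only listing of AntiVirusProduct registrations.
' Nothing is deleted. Run with: cscript //nologo list-av.vbs (file name is arbitrary).
Option Explicit

Dim shell, fso, wmi, items, item, exePath, status

Set shell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

' Same namespace and class that the deletion scripts target on Vista and later.
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
Set items = wmi.ExecQuery("Select * from AntiVirusProduct")

If items.Count = 0 Then
    WScript.Echo "No AntiVirusProduct instances are registered."
End If

For Each item In items
    ' The stored path may contain environment variables such as %ProgramFiles%.
    exePath = ""
    If Not IsNull(item.pathToSignedProductExe) Then
        exePath = shell.ExpandEnvironmentStrings(item.pathToSignedProductExe)
        exePath = Replace(exePath, """", "")
    End If

    If exePath = "" Then
        status = "no product path recorded"
    ElseIf InStr(exePath, "://") > 0 Then
        ' Some products register a URI instead of a file path; it cannot be checked on disk.
        status = "URI, not a file path; not checked"
    ElseIf fso.FileExists(exePath) Then
        status = "executable present"
    Else
        ' Assumption: a missing executable suggests a leftover registration.
        status = "executable missing (possible stale entry)"
    End If

    WScript.Echo item.displayName & vbTab & item.instanceGuid & vbTab & _
        "productState=" & item.productState & vbTab & status
Next
```

Saving this output before and after a cleanup gives a record of which registrations were removed and which product re-registered after the reboot.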