Skip to main content

Troubleshooting: Removing Previous Third Party Antivirus (non-server OS only)

Rachael Robinson
  • Updated

Our Support Team has come up with a manual remedy to uninstall 3rd party AV, however we won't be able to help you troubleshoot any issues that could theoretically arise from modifying Windows values.

If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically (client OS's only). If you uninstall the other app, Microsoft Defender Antivirus will turn back on automatically.

Overview

In order for Huntress to manage Microsoft Defender Antivirus, any third-party AV programs need to be uninstalled. Here you'll find links to resources and solutions to issues we've helped resolve. 

 

Links

Transition to Huntress Managed AV: "Other AV"

Microsoft Resources:
Uninstalling from Windows 10

Uninstalling from Windows 8

Webroot Resources:
Uninstalling Webroot

Common Ticket/Issues

mceclip0.png

  • The Huntress Managed AV service data is gathered from WMI (Windows Management Instrumentation)
  • Sometimes AVs (commonly Webroot) don't correctly "de-register" themselves from WMI.
  • Huntress displays "missing" because executables exist for 'registered' antivirus.'
  • It does not affect the functionality of Microsoft Defender (or Managed AV).

    Currently, the way to altogether "remove" an offending AV isn't the most straightforward.

    Our Support Team has come up with a manual remedy; you may want to look over the guidance below. However, we won't be able to help you troubleshoot any issues that could theoretically arise from modifying Windows values.

Below is a simple PowerShell query that you can run, which emulates the check the Huntress agent performs. If the offending antivirus is not listed, the Huntress agent will no longer report it as a registered antivirus after the next survey.

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List


You may be able to manually clear the entries from WMI (we are using WMI to query for AV products). Please see below for a high-level overview.

  1. Run wbemtest as Admin.
  2. Connect to root\SecurityCenter2.
  3. Click Enum Instances....
  4. Type in AntiVirusProduct for the superclass name.

Result appears:
mceclip1.png

If you open each query result, there will be properties that reveal which product they are (such as displayName). You can then click "delete" on the screen after step 4.

Additional information about Transitioning to Huntress Managed AV: "Other AV"

 

Related articles:

 

Comments

0 comments

Please sign in to leave a comment.

Related articles