question

hooked-7092 avatar image
0 Votes"
hooked-7092 asked hooked-7092 edited

Get-CimInstance -Namespace root\SecurityCenter2 -Class AntiVirusProduct ---> Not workong on Windows server 2016

Hi
I am trying to fetch the installed AV/EDR software on Windows Server 2016,
I tried to execute Get-CimInstance -Namespace root\SecurityCenter2 -Class AntiVirusProduct
The namespace does not exist.

How can i fetch is properly?

Thanks!

windows-server-2016
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thanks for posting on our forum!

I would like to check something first:
1) Did you set EDR in block mode before you tried to fetch the installed AV/EDR?
2) If 1) is true, have you set Microsoft Defender Antivirus in active mode?

I am not so familiar with the command you sent to me and still needs some time to research on that. But I think you can read this article to try to find some useful tips:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide

Thanks for your support!

BR,
Joan

0 Votes 0 ·

Well,
In my WindowsServer 2016 machine, Did not have any A/V installed, maybe thats the reason for the exception?
Maybe the machine must have atleast 1 AV installed or instaleld and then remove (so it will enforce the namespace creation)?

I would expect to receive empty list if no AV installed (and not namespace not available).

im going to do small test, install free AV and then check that command

0 Votes 0 ·

1 Answer

hooked-7092 avatar image
0 Votes"
hooked-7092 answered hooked-7092 edited

For Windows Server 2016 the EDR Block mode not supported,
From MSDN
Currently, running Microsoft Defender Antivirus in passive mode is not supported on Windows Server 2016
Get-MPComputerStatus | select AMRunningMode returns empty

I will get Windows Server 2019 to check.

In addition for the Windows Server 2016 I see defender is installed and running, but still powershell throwing exception :(

120296-windowsdefender2.png



120303-windowsdefender.png



windowsdefender2.png (147.6 KiB)
windowsdefender.png (33.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.