Hi
I am trying to fetch the installed AV/EDR software on Windows Server 2016,
I tried to execute Get-CimInstance -Namespace root\SecurityCenter2 -Class AntiVirusProduct
The namespace does not exist.
How can i fetch is properly?
Thanks!
Hi
I am trying to fetch the installed AV/EDR software on Windows Server 2016,
I tried to execute Get-CimInstance -Namespace root\SecurityCenter2 -Class AntiVirusProduct
The namespace does not exist.
How can i fetch is properly?
Thanks!
Hi,
Thanks for posting on our forum!
I would like to check something first:
1) Did you set EDR in block mode before you tried to fetch the installed AV/EDR?
2) If 1) is true, have you set Microsoft Defender Antivirus in active mode?
I am not so familiar with the command you sent to me and still needs some time to research on that. But I think you can read this article to try to find some useful tips:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide
Thanks for your support!
BR,
Joan
Well,
In my WindowsServer 2016 machine, Did not have any A/V installed, maybe thats the reason for the exception?
Maybe the machine must have atleast 1 AV installed or instaleld and then remove (so it will enforce the namespace creation)?
I would expect to receive empty list if no AV installed (and not namespace not available).
im going to do small test, install free AV and then check that command
For Windows Server 2016 the EDR Block mode not supported,
From MSDN
Currently, running Microsoft Defender Antivirus in passive mode is not supported on Windows Server 2016
Get-MPComputerStatus | select AMRunningMode returns empty
I will get Windows Server 2019 to check.
In addition for the Windows Server 2016 I see defender is installed and running, but still powershell throwing exception :(


5 people are following this question.