
Remove remnants of previous antivirus

View and Remove using GUI

You may be able to manually clear the entries from WMI (we are using WMI to query for AV products). Please see below for a high-level overview.

1. Run wbemtest as Admin.
2. Connect to root\SecurityCenter2.
3. Click "Enum Instances...".
4. Type in AntiVirusProduct for the superclass name.

The query result lists the registered AntiVirusProduct instances.

If you open each query result, its properties (such as displayName) reveal which product it is. You can then click "Delete" on the screen shown after step 4. Take care not to delete Microsoft Windows Defender!

View using PowerShell

Below is a simple PowerShell query that you can run, which emulates the check the Huntress agent performs. If the offending antivirus is not listed, the Huntress agent will no longer report it as a registered antivirus after the next survey.

Get-CimInstance -Namespace root\SecurityCenter2 -Class AntiVirusProduct

Here are two alternate versions in case the above command doesn't work (for legacy systems).

Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName

Remove using PowerShell

This PowerShell command can be modified to surgically remove the offending third-party AV. You'll need to determine its exact name using the above section. Once you have the exact name, replace the first variable's value with it.

$AVDisplayName = "Webroot SecureAnywhere"
Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct | Where-Object { $_.displayName -eq $AVDisplayName } | ForEach-Object { $_.Delete() }

For a quicker resolution, this PowerShell command removes all AV entries except Microsoft Defender. Take care when using this command so that you don't accidentally remove Microsoft Defender. We highly recommend verifying that the name in the command matches exactly the name of the version of Microsoft Defender you're currently running.

Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct | Where-Object { $_.displayName -ne "Windows Defender" } | ForEach-Object { $_.Delete() }
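
The targeted removal above can be wrapped so that it previews the deletion, refuses to touch Defender, and re-queries afterwards. This is an added example, not Huntress code: the function name Remove-StaleAvRegistration is hypothetical, and the rule that any name containing "Defender" is protected is an assumption.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
# Uses the CIM cmdlets because Get-WmiObject is not available in PowerShell 7.
function Remove-StaleAvRegistration {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Exact displayName as returned by the "View using PowerShell" query.
        [Parameter(Mandatory)]
        [string]$DisplayName
    )

    # Assumption: any name containing "Defender" is the built-in Microsoft
    # product, whatever its exact display name is on this Windows version.
    if ($DisplayName -match 'Defender') {
        throw "Refusing to remove '$DisplayName': it looks like Microsoft Defender."
    }

    $all = @(Get-CimInstance -Namespace root\SecurityCenter2 -ClassName AntiVirusProduct)

    # -eq is case-insensitive but requires the whole name to match,
    # so a partial name never selects an entry by accident.
    $targets = @($all | Where-Object { $_.displayName -eq $DisplayName })

    if ($targets.Count -eq 0) {
        Write-Warning "No AntiVirusProduct entry named '$DisplayName'. Nothing removed."
        return $all | Select-Object displayName, instanceGuid
    }

    foreach ($entry in $targets) {
        $label = "$($entry.displayName) [$($entry.instanceGuid)]"
        # Honors -WhatIf and -Confirm before anything is deleted.
        if ($PSCmdlet.ShouldProcess($label, 'Delete WMI registration')) {
            Remove-CimInstance -InputObject $entry
        }
    }

    # Re-run the same query the agent check emulates to show what is left.
    Get-CimInstance -Namespace root\SecurityCenter2 -ClassName AntiVirusProduct |
        Select-Object displayName, instanceGuid
}

# Preview only: with -WhatIf nothing is deleted.
Remove-StaleAvRegistration -DisplayName 'Webroot SecureAnywhere' -WhatIf
```

Drop -WhatIf to perform the deletion; the function then asks for confirmation for each matching entry.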


Properties ID: 000078   Views: 50   Updated: 2 months ago