search
githubEdit

AV Enumeration

hashtag
AV Enumeration

hashtag
Check if Defender is enabled

Get-MpComputerStatus

Get-MpComputerStatus | Select AntivirusEnabled

hashtag
Check if defensive modules are enabled

Get-MpComputerStatus | Select RealTimeProtectionEnabled, IoavProtectionEnabled,AntispywareEnabled | FL

hashtag
Check if tamper protection is enabled

Get-MpComputerStatus | Select IsTamperProtected,RealTimeProtectionEnabled | FL

hashtag
Alternate AV products

Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct

hashtag
Decode "Product State" to hex can help identify which antivirus is enabled

'0x{0:x}' -f <ProductState>
'0x{0:x}' -f 393472
PreviousAV DisableNextAntivirus Evasion

Last updated