Problem solved with help from Fortinet Support:
To narrow down the issue, we would need you check how many antiviruses are registered with Windows Security Center. Please execute the query shown in the attached screenshot in the affected machine and sent me the result. You can download Nirsoft SimpleWMIView at .
WMI Namespace: root\SecurityCenter2
WMI Class/Query: AntivirusProduct
There I could see that Trend Micro Security Agent is still registered as AV.
Using wbemtest utility with Administrator privileges I was able to delete the Trend Micro entry.
• Click the Connect button
• Replace root\default with root\securitycenter2
and click Connect
• You will be returned to the original screen, now click the Enum Classes button, leave the Superclass info box that appears as is (empty) and click OK
• On the Query Results screen, click on Instances and delete appropriate entry
• Close the Query windows and exit wbemtest
reboot the box