- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Realtime AV protection is off. Third-Party AV conf...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Realtime AV protection is off. Third-Party AV conflict.
Hello,
FortiClient 6.2.3.0912 on windows 10 computer is configured through EMS.
I cannot activate Real time protection. The reason is quite clearly esxplained in log:
06.02.2020 08:42:22 Information Config Third-Party AV (Trend Micro Security Agent, ) is installed. To avoid conflicts, scheduled AV scans will not be imported.
06.02.2020 08:42:22 Information Config Third-Party AV (Trend Micro Security Agent, ) is installed. To avoid conflicts, real-time AV will not be enabled.
06.02.2020 08:42:22 Error Config Error in importing module: xmlav
06.02.2020 08:42:22 Debug Config 'scan on registration' is disabled - delete 'on registration' vulnerability scan.
06.02.2020 08:42:22 Debug Config ImportConfig: tag <\forticlient_configuration\antiexploit\exclusion_applications> value is empty.
The problem is that I already uninstalled the Trend Micro Security Agent. I manually checked that all TM files are deleted from the disk. I manually checked that there are no TM keys in registry. I checked if there are some running TM services. I have several times restarted my laptop. But whetever I tried the Real time protection stays off.
Is there anything else what I can do?
Thanks!
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Problem solved with help from Fortinet Support:
To narrow down the issue, we would need you check how many antiviruses are registered with Windows Security Center. Please execute the query shown in the attached screenshot in the affected machine and sent me the result. You can download Nirsoft SimpleWMIView at [1]. [1] https://www.nirsoft.net/utils/simple_wmi_view.html
WMI Namespace: root\SecurityCenter2
WMI Class/Query: AntivirusProduct
There I could see that Trend Micro Security Agent is still registered as AV.
Using wbemtest utility with Administrator privileges I was able to delete the Trend Micro entry.
• Click the Connect button • Replace root\default with root\securitycenter2 and click Connect • You will be returned to the original screen, now click the Enum Classes button, leave the Superclass info box that appears as is (empty) and click OK • On the Query Results screen, click on Instances and delete appropriate entry • Close the Query windows and exit wbemtest reboot the box
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Problem solved with help from Fortinet Support:
To narrow down the issue, we would need you check how many antiviruses are registered with Windows Security Center. Please execute the query shown in the attached screenshot in the affected machine and sent me the result. You can download Nirsoft SimpleWMIView at [1]. [1] https://www.nirsoft.net/utils/simple_wmi_view.html
WMI Namespace: root\SecurityCenter2
WMI Class/Query: AntivirusProduct
There I could see that Trend Micro Security Agent is still registered as AV.
Using wbemtest utility with Administrator privileges I was able to delete the Trend Micro entry.
• Click the Connect button • Replace root\default with root\securitycenter2 and click Connect • You will be returned to the original screen, now click the Enum Classes button, leave the Superclass info box that appears as is (empty) and click OK • On the Query Results screen, click on Instances and delete appropriate entry • Close the Query windows and exit wbemtest reboot the box
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All of this is correct except for deleting the Superclass for Antivirus. This causes all kind of issues with Windows Virus & Threat Protection in Windows 10. The better way is to rather than clicking on Enum Class to click on Enum Instance and put in "AntivirusProduct" in the superclass. This will give you the correct list of the AV products UID's
Run the following in power shell to get the list with product names
wmic /namespace:\\root\SecurityCenter2 PATH AntiVirusProduct get *
Then delete the entry in wbemtest that is for your old AV product. Leaving the other entry's intact.
Then reboot and the Forticlient will activate AV and run a scan.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same problem but with ESET
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had this problem with Kaspersky Antivirus. I uninstalled, ran their uninstaller, and still SecurityCenter2 included an entry for the product. Support told me I'd have to work with Kaspersky. I found the above solution on my own and it resolve the issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same as Deano, uninstalled Kaspersky Enpoint Security remained in Security Center. Here are the commands to find the product registraiton and remove it:
wmic /namespace:\\root\SecurityCenter2 PATH AntiVirusProduct get *
copy the Guid from the above command and paste it into the below command:
wmic /namespace:\\root\SecurityCenter2 PATH AntiVirusProduct WHERE instanceGuid='{0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}' DELETE
Labels
-
FortiGate
6,461 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
55 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.