Remove Phantom Antivirus from Vista WMI Repository


In testing Spiceworks today, I discovered that a Vista machine was reporting that it had two antivirus products installed. Even after following the instructions Manually uninstalling the Client/Server Security Agent from a computer running Windows Vista, Spiceworks was still reporting Trend as installed as well as NOD32 (which really is installed). I downloaded and ran WMI Diagnosis Utility from Microsoft, but that didn't fix it either.


Finally I found a Microsoft forum post that led me down the right path. With many thanks to its author prabhu_hv, here is a modified procedure to only delete one antivirus product:

  1. Click Start, go to Command Prompt, and right-click to Run as administrator.
  2. Run the command wbemtest and click Connect button.
  3. Enter “root\SecurityCenter” in the Namespace field and click OK.
  4. Click on “Enum Instances” button. Enter “AntivirusProduct” as the superclass name and click on OK.
  5. You should see two AntiVirusProduct.instanceGuid entries. Double-click on each one and review the properties to determine which Guid corresponds to the antivirus product that is no longer installed. Then close the Object Editor.
  6. In the Query Result window, highlight the incorrect AntivirusProduct and click on the Delete button. Then click Close to close the Query Result window.
  7. Click the Exit button to exit the Windows Management Instrumentation Tester.

At this point, WMI and thus Spiceworks should only report the “real” antivirus product.

1 thought on “Remove Phantom Antivirus from Vista WMI Repository

  1. Ron

    I had a similar issue where CA anti-virus showed up as an installed AV but one that was incompatible. I used the steps you laid out and it worked for my issue as well… Thanks so much!

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.