In testing Spiceworks today, I discovered that a Vista machine was reporting that it had two antivirus products installed. Even after following the instructions Manually uninstalling the Client/Server Security Agent from a computer running Windows Vista, Spiceworks was still reporting Trend as installed as well as NOD32 (which really is installed). I downloaded and ran WMI Diagnosis Utility from Microsoft, but that didn't fix it either.
Finally I found a Microsoft forum post that led me down the right path. With many thanks to its author prabhu_hv, here is a modified procedure to only delete one antivirus product:
- Click Start, go to Command Prompt, and right-click to Run as administrator.
- Run the command wbemtest and click Connect button.
- Enter “root\SecurityCenter” in the Namespace field and click OK.
- Click on “Enum Instances” button. Enter “AntivirusProduct” as the superclass name and click on OK.
- You should see two AntiVirusProduct.instanceGuid entries. Double-click on each one and review the properties to determine which Guid corresponds to the antivirus product that is no longer installed. Then close the Object Editor.
- In the Query Result window, highlight the incorrect AntivirusProduct and click on the Delete button. Then click Close to close the Query Result window.
- Click the Exit button to exit the Windows Management Instrumentation Tester.
At this point, WMI and thus Spiceworks should only report the “real” antivirus product.