Antivirus Update Check - Microsoft Security Center

December 5, 2023: The check pass / fail criteria are now stricter. Under the new logic, any product returned by the check that is either out of date or disabled causes the check to fail. See the pass / fail criteria below for the new details.

The Microsoft Security Center Antivirus Update Check is supported only for Windows workstations because Windows servers do not include the Microsoft Security Center.

Microsoft Security Center is a built-in tool for Windows desktop operating systems that automatically detects installed antivirus products and provides their status.

You can add an N-sight RMM Antivirus Update Check to query Microsoft Security Center to check for installed third-party antivirus product details on Windows workstations. The product details display in the More Information dialog that is available from the South-pane Checks tab.

We only query the Microsoft Security Center for product details to display in N-sight RMM and to determine check pass or fail. Since Microsoft Security Center may recognize some security products as antivirus products, such as SentinelOne EDR or MalwareBytes, those products display in the check's More Information dialog.

To add the Microsoft Security Center Antivirus Update check, select the Microsoft Security Center option when you add an Antivirus Update Check. For instructions to add a check, see Add Check configuration.

When you add a Microsoft Security Center Antivirus Update check, the Exclude Windows Defender checkbox is selected by default. This means that Windows Defender is ignored by default when the Microsoft Security Center Antivirus Update check evaluates pass/fail criteria. When you add the check, you can clear this checkbox to include Windows Defender in the pass/fail criteria.

Check pass / fail criteria - Windows Defender excluded (default)

  • Pass Criteria—All antivirus solutions are reported as enabled and are up to date.
  • Fail Criteria—One or more antivirus solutions are reported as disabled or out of date.

| Check status | Description |
|---|---|
| Pass | Third-party antivirus installed, enabled and up to date. |
| Fail | Third-party antivirus installed but disabled. |
| Fail | Third-party antivirus installed but out of date. |
| Fail | Third-party antivirus installed but disabled and out of date. |
| Fail | Third-party antivirus not installed. |

Check pass / fail criteria - Windows Defender included

  • Pass Criteria
    • There is no third-party antivirus installed, but Windows Defender is installed, enabled, and up to date.
    • A third-party antivirus is installed, enabled, and up to date.
  • Fail Criteria
    • There is no third-party antivirus installed, and Windows Defender is disabled, or disabled and out of date.
    • One or more third-party antivirus solutions are installed but one or more of them are reported as disabled or out of date.

| Check status | Description |
|---|---|
| Pass | No third-party antivirus. Defender installed, enabled, and up to date. |
| Fail | No third-party antivirus. Defender disabled. |
| Fail | No third-party antivirus. Defender disabled and out of date. |
| Pass | Third-party antivirus installed, enabled, and up to date. |
| Pass | Third-party antivirus installed, enabled, and up to date. |
| Fail | Third-party antivirus installed, but disabled. |
| Fail | Third-party antivirus installed, but disabled. |
| Fail | Third-party antivirus installed, but out of date. |
| Fail | Third-party antivirus installed, but disabled and out of date. |
| Fail | Third-party antivirus installed but disabled and out of date. |
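
The two sets of criteria above can be reproduced over exported inventory data, for example to audit which devices would fail and why. The following is an added example, not N-sight RMM code: the Product record, the evaluate function, the "Windows Defender" display name and the sample product names are assumptions. It reads the bullet lists as meaning that Windows Defender is evaluated only when no third-party product is reported, and it treats a Defender that is enabled but out of date as a failure.

```python
from dataclasses import dataclass

DEFENDER = "Windows Defender"  # assumed display name used to recognise Defender


@dataclass(frozen=True)
class Product:
    name: str
    enabled: bool
    up_to_date: bool


def problems(product):
    """Return the reasons a single product would fail the check."""
    issues = []
    if not product.enabled:
        issues.append("disabled")
    if not product.up_to_date:
        issues.append("out of date")
    return issues


def evaluate(products, exclude_defender=True):
    """Return ("Pass" or "Fail", reasons) for the products reported on one device."""
    third_party = [p for p in products if p.name != DEFENDER]
    defender = [p for p in products if p.name == DEFENDER]
    if third_party:
        # Every third-party product must be enabled and up to date.
        considered = third_party
    elif defender and not exclude_defender:
        # Defender is the fallback only when no third-party product is reported.
        considered = defender
    else:
        return "Fail", ["no antivirus product to evaluate"]
    reasons = [f"{p.name}: {', '.join(problems(p))}"
               for p in considered if problems(p)]
    return ("Fail", reasons) if reasons else ("Pass", [])


if __name__ == "__main__":
    # Constructed sample: one healthy product, one disabled and out of date.
    device = [Product("ExampleAV", True, True),
              Product("OtherAV", False, False),
              Product(DEFENDER, True, True)]
    print(evaluate(device))
    print(evaluate([Product(DEFENDER, True, True)], exclude_defender=False))
```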

The Antivirus Update Check - Microsoft Security Center will eventually replace the Windows Defender option and be the default Antivirus Update Check for Windows workstations.