Supported Antivirus Products

The latest version of the Advanced Monitoring Agent monitors the definition updates for the following products.

Vendor Product and version
Avast! Avast! Antivirus
Avast!
Avira Avira AntiVir Professional
Avira AntiVir Server
Bitdefender Bitdefender Client Security
Bitdefender Cloud Security
Bitdefender GravityZone Security for Endpoints
Bitdefender Security for Exchange
Bitdefender Security for Mail Servers
Bitdefender

The Bitdefender Check does not support fast ring updates.

CA CA eTrust Inoculan
CA eTrust inoculateIT
CA Antivirus
Eset Eset Nod32
F-Secure F-Secure Antivirus
GData GData Antivirus
Engine A (Bitdefender)
Engine B (Avast)
GData Antivirus Business and Enterprise Edition (Client)
Engine A (Bitdefender)
Engine B (Avast)
GData Antivirus Enterprise (Client)
Engine A (Bitdefender)
Engine B (Avast)
GData Antivirus Business (Client)
Engine A (Bitdefender)
Engine B (GData)
GData Antivirus
Engine A (Bitdefender)
Engine B (GData)
Grisoft Grisoft AVG
Kaspersky Kaspersky Antivirus
Kaspersky Anti-virus for Windows Servers Enterprise Edition
Kaspersky Endpoint Security for Windows for Fileservers
Kaspersky Endpoint Security for Windows Version
Kaspersky Endpoint Security
Kaspersky Enterprise Edition
Kaspersky Security for Microsoft Exchange Server
Kaspersky Security
Kaspersky Small Business Edition
Managed Antivirus* Bitdefender Engine
VIPRE Engine
McAfee McAfee Antivirus
McAfee Endpoint Security
McAfee GroupShield
McAfee NetShield
McAfee Security Service for Exchange
McAfee Total Protection
McAfee VirusScan
McAfee WebShield
Microsoft Microsoft Forefront Client Security
Microsoft Forefront EndPoint Protection
Microsoft Security Center (workstations only)

For more information, see AV Check - Microsoft Security Center.

Microsoft System Center 2012 Endpoint Protection
Microsoft Security Essentials (including V2)
Windows Defender Antivirus (from Windows 8)

Security Intelligence Updates for Windows Defender Antivirus are delivered through Windows Update and handled by Patch Management for Windows where configured on the device.

To make sure computers receive these updates regardless of their severity classification, configure the Patch Policy Auto Approval settings for Microsoft to Approve for all Classifications and set the Installation Schedule to ensure the computers regularly receive these Security Intelligence Updates.

Please be aware that Security Intelligence Updates only deploy at the scheduled installation time configured in Patch Management. No updates will take place outside of this cycle. After configuring the Patch Management settings, we suggest changing the Antivirus Update Check Days to run to take account of the Patch installation schedule.

Windows Defender Antispyware (pre-Windows 8)
Norton Norton Antivirus

Included as part of the Symantec Antivirus Update Check

Norman Norman Antivirus
Norman Endpoint Protection
Panda Panda Security For Business
Panda Security For Business with Exchange
Panda Security For Enterprise
Panda Cloud Office Protection
Sophos

Sophos Antivirus

Pass/fail criteria for newer versions of Sophos AV, such as Intercept X, are based on information gathered from the local endpoint and do not necessarily indicate that the virus definitions installed on the endpoint are the latest as published by Sophos.

N-sight will indicate a failure where we determine various Sophos-specific services are not running and the installed software indicates that it is not regularly updating.

Symantec Symantec Antivirus
Symantec Antivirus IntelligentUpdate
Symantec Antivirus LiveUpdate
Symantec Antivirus RapidRelease
Symantec Endpoint Protection
Symantec Endpoint Protection Cloud
Trend Trend Antivirus
Trend Micro Antivirus
Trend Officescan
Conventional Scan
Smart Scan
Trend ScanMail
Trend ServerProtect
Trend Worry Free Business Security
Conventional Scan
Smart Scan
Trend Worry-Free Business Security Services
VIPRE VIPRE Antivirus
VIPRE Antivirus Business
VIPRE Antivirus Business Premium
VIPRE Enterprise Agent
VIPRE Internet Security
VIPRE Premium
Webroot Webroot SecureAnywhere

* Managed Antivirus Engine (Bitdefender)

Managed Antivirus automatically adds a dedicated 24x7 Managed Antivirus Update Check (Bitdefender) during installation.

As the Managed Antivirus Update Check (Bitdefender) is a 24x7 Check it will not appear in the Daily or Weekly Reports.

Parallel installation of Mail Server Antivirus products with Managed Antivirus (VIPRE)

The following email server Antivirus products can be installed and monitored in parallel with Managed Antivirus (VIPRE):

  • Kaspersky Security for Microsoft Exchange Server

  • McAfee Security Service for Exchange

  • McAfee GroupShield

  • Trend ScanMail

 

Product and definition update notes

Vendor Product and notes

CA

CA eTrust

The Agent detects indicators for both CA eTrust definition file update mechanisms and adds Checks for both. As only one update mechanism is used, we recommend removing the inactive Check once the Agent uploads the results to the Dashboard.

Microsoft

Windows Defender Antivirus

From Windows 8, Windows Defender includes both an antivirus and an antispyware component, with the Windows Defender Antivirus Check monitoring both elements.

Prior to the release of Windows 8, Windows Defender only contained an antispyware component, monitored by the Windows Defender Antispyware Check.

Managed Antivirus can install alongside and deactivate Windows Defender using the technology included in the Competitor Antivirus Removal Tool (CART). CART must be enabled on the device to allow Managed Antivirus to install in parallel with Windows Defender.

Symantec

Symantec Endpoint Protection

Symantec does not automatically install Symantec Endpoint Protection Client on computers running Symantec Endpoint Protection's Management Console. It may be necessary to install the Client as well as the Management Console onto the computer for protection and monitoring.

Trend

Trend OfficeScan and Trend Worry Free Antivirus

Both Trend Officescan and Trend Worry-Free Business Security have two scanning engines, Conventional Scan and Smart Scan, with dedicated Checks for each engine per product, although only one may be active and returning data.

We automatically add Checks for the default Conventional Scans: Trend Officescan Conventional Scan or Trend Worry-Free Business Security Smart Scan Check.

To monitor the SmartScan engine, manually add the Smart Scan Checks: Trend Officescan Smart Scan Check or Trend Worry-Free Business Security Smart Scan Check.

Webroot

Webroot SecureAnywhere

As there are no local signature definition updates for the Webroot SecureAnywhere Agent, the Advanced Monitoring Agent queries the update indicator of the local computer for the time of the last update.

Where the update time is outside of the entered "Number of days out-of-date" threshold, the Check is reported as failed. For this Check, "Always when out-of-date" will trigger a failure where an update has not taken place in the preceding 24 hours.

The Check queries a time entry, rather than a local definition file indicator, and could potentially lead to a false positive where no updates have been released by Webroot and downloaded to the Webroot SecureAnywhere Agent during the monitored period.

Unsupported Products

If we do not currently support your Antivirus product, add a daily Event Log Check or Script Check to monitor its status.

  • Add an Event Log Check if the Antivirus product writes its status information to the Windows Event Log.

  • Author a script and add it as a Script Check where the Antivirus product writes its update status to other locations, for example native log files.

    For workstations we have included a Security Center script. This queries the Windows Security Center for the Antivirus update status, where the product writes this information to the Windows Security Center.
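
One way to write such a Script Check in PowerShell, as an added example that is not the Security Center script shipped with the product: it queries the root\SecurityCenter2 AntiVirusProduct class and passes when at least one registered product is both enabled and up to date. The productState bit meanings and the failure exit code are assumptions, labelled in the comments.

```powershell
# Added example: Script Check body for an antivirus product without a dedicated Check.
# Assumptions: workstation OS (root\SecurityCenter2 is not present on Windows Server),
# and the Script Check treats exit code 0 as pass and $FailCode as fail.
$FailCode = 1   # assumed value; use the failure exit code your Script Check expects

function Get-AvStatus {
    param([Parameter(Mandatory)] [uint32] $ProductState)
    # productState is not officially documented. This is the commonly used reading:
    # bit 0x1000 set = real-time protection on, bit 0x10 set = definitions out of date.
    [pscustomobject]@{
        Enabled  = [bool]($ProductState -band 0x1000)
        UpToDate = -not [bool]($ProductState -band 0x10)
    }
}

try {
    $products = @(Get-CimInstance -Namespace 'root\SecurityCenter2' `
                                  -ClassName AntiVirusProduct -ErrorAction Stop)
} catch {
    Write-Output "Security Center query failed: $($_.Exception.Message)"
    exit $FailCode
}

if ($products.Count -eq 0) {
    Write-Output 'No antivirus product is registered with Windows Security Center'
    exit $FailCode
}

# Several products can be registered at once (for example a disabled Windows Defender
# next to a third-party product), so one healthy product is enough to pass.
$healthy = $false
foreach ($p in $products) {
    $s = Get-AvStatus -ProductState $p.productState
    Write-Output ('{0}: enabled={1} upToDate={2} productState=0x{3:X6}' -f `
        $p.displayName, $s.Enabled, $s.UpToDate, $p.productState)
    if ($s.Enabled -and $s.UpToDate) { $healthy = $true }
}

if ($healthy) {
    exit 0
}
Write-Output 'No registered antivirus product is both enabled and up to date'
exit $FailCode
```

The per-product output lines are what the Check result will show, so a failure can be traced to the product that reported itself disabled or out of date.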

Sentinel One Monitoring

Sentinel One uses process behavior to monitor multiple processes to recognize attacks as they develop and respond at machine speed. This is different to signature-based detection from traditional AV solutions, which monitors processes as they execute, and not the processes that can spawn from them. As such, there is no Antivirus Check available.

A custom Service / Script Check has been developed and can be utilized to monitor Sentinel One instead. Please see Sentinel One Monitoring for details.