Detecting Software Version
Plugin 16193 - Antivirus Software Check is the primary plugin that checks to see if antivirus software is installed on the remote host and is up-to-date. Other plugins that check for the presence of anti-malware software include the following:
84432 AVG Internet Security Detection
136761 BitDefender Endpoint Security Tools Detection (Windows)
170672 McAfee Total Protection Installed (Windows)
131023 Windows Defender Installed
112279 Windows Defender Advanced Threat Protection Installed (Windows)
131725 Sophos Anti-Virus Installed (Windows)
133962 Sophos Anti-Virus Installed (Linux)
54845 Sophos Anti-Virus for Mac OS X Detection
58951 Comodo Antivirus / Internet Security Installed
22419 Symantec SAVCE/Client Security Service Detection
31857 Symantec AntiVirus Scan Engine Detection
Plugin Search Example:
To search for the plugins that detect anti-malware or antivirus software in the environment, navigate to the Tenable Plugin Search page and perform the following steps:
Step 1: Use the Plugin Name filter to identify plugins that contain a specified text
Step 2: Search for plugins that contain the string “anti-malware” or “antivirus” in the plugin
Step 3: The Relevance filter (3) can be used to further refine the search for plugins based on the CVSS v3 Base Score
Scan data can be searched on Security Center or Tenable Vulnerability Management to identify antivirus software in the environment. The following image provides an example of performing a filter search from the Findings page in Tenable Vulnerability Management.
Step 1: Click on the Advanced button
Step 2: Enter the search conditions
Step 3: Click on the Apply button
Click on any of the findings, as shown in Step 1 in the following image, to display more information gathered about the asset for this plugin, as shown in Step 2.
To display further details about the plugin findings, click on the “See All Details” button shown in Step 3 in the image above, which provides more information about the asset, including the Asset Criticality Rating (ACR). In this example, the ACR is Medium and the Plugin Output indicates that the antivirus solution, while installed, is not running and may no longer be supported.
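The same filter can be applied offline to exported scan data. The following is an added example, not part of the original page or Tenable's own code: it assumes a scan exported in the .nessus (NessusClientData_v2) XML layout, uses the plugin IDs listed above, and runs on a constructed sample. It lists the antivirus findings per host and the hosts where none of the listed plugins reported anything.

```python
import xml.etree.ElementTree as ET

# Plugin IDs taken from the list on this page.
AV_PLUGIN_IDS = {
    "16193", "84432", "136761", "170672", "131023", "112279",
    "131725", "133962", "54845", "58951", "22419", "31857",
}

# Constructed sample in the .nessus export layout; host addresses and
# plugin output text are illustrative, not real scan results.
SAMPLE_NESSUS = """<NessusClientData_v2><Report name="constructed-sample">
<ReportHost name="10.0.0.5">
  <ReportItem pluginID="131023" pluginName="Windows Defender Installed" port="445">
    <plugin_output>constructed output: product found</plugin_output>
  </ReportItem>
  <ReportItem pluginID="16193" pluginName="Antivirus Software Check" port="445">
    <plugin_output>constructed output: installed but not running</plugin_output>
  </ReportItem>
</ReportHost>
<ReportHost name="10.0.0.9">
  <ReportItem pluginID="19506" pluginName="Nessus Scan Information" port="0"/>
</ReportHost>
</Report></NessusClientData_v2>"""


def av_findings(nessus_xml):
    """Map each scanned host to its (plugin_id, plugin_name, output) AV findings."""
    results = {}
    root = ET.fromstring(nessus_xml)
    for host in root.iter("ReportHost"):
        # Every host gets an entry, so hosts with no AV finding stay visible.
        hits = results.setdefault(host.get("name"), [])
        for item in host.iter("ReportItem"):
            if item.get("pluginID") in AV_PLUGIN_IDS:
                output = (item.findtext("plugin_output") or "").strip()
                hits.append((item.get("pluginID"), item.get("pluginName"), output))
    return results


def hosts_without_av(findings):
    """Hosts where none of the listed AV plugins reported anything."""
    return sorted(host for host, hits in findings.items() if not hits)


if __name__ == "__main__":
    found = av_findings(SAMPLE_NESSUS)
    for host, hits in found.items():
        print(host, hits)
    print("no AV plugin findings:", hosts_without_av(found))
```

A host in the second list was scanned but produced no antivirus detection finding, which warrants a check of scan credentials as well as of the endpoint itself.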