Detecting Software Version

Plugin 16193 - Antivirus Software Check is the primary plugin that checks to see if antivirus software is installed on the remote host and is up-to-date. Other plugins that check for the presence of anti-malware software include the following:

  • 84432 AVG Internet Security Detection

  • 136761 BitDefender Endpoint Security Tools Detection (Windows)

  • 170672 McAfee Total Protection Installed (Windows)

  • 131023 Windows Defender Installed

  • 112279 Windows Defender Advanced Threat Protection Installed (Windows)

  • 131725 Sophos Anti-Virus Installed (Windows)

  • 133962 Sophos Anti-Virus Installed (Linux)

  • 54845 Sophos Anti-Virus for Mac OS X Detection

  • 58951 Comodo Antivirus / Internet Security Installed

  • 22419 Symantec SAVCE/Client Security Service Detection

  • 31857 Symantec AntiVirus Scan Engine Detection

Plugin Search Example:

To search for the plugins that detect anti-malware or antivirus software in the environment, navigate to the Tenable Plugin Search page and perform the following steps:

Step 1: Use the Plugin Name filter to identify plugins that contain a specified text

Step 2: Search for plugins that contain the string “anti-malware” or “antivirus” in the plugin

Step 3: The Relevance filter (3) can be used to further refine the search for plugins based on the CVSS v3 Base Score

Scan data can be searched on Security Center or Tenable Vulnerability Management to identify antivirus software in the environment. The following image provides an example of performing a filter search from the Findings page in Tenable Vulnerability Management.

Step 1: Click on the Advanced button

Step 2: Enter the search conditions

Step 3: Click on the Apply button

Click on any of the findings, as shown in Step 1 in the following image, to display more information gathered about the asset for this plugin, as shown in Step 2.

To display further details about the plugin findings, click on the “See All Details” button shown in Step 3 in the image above, which provides more information about the asset, including the Asset Criticality Rating (ACR). In this example, the ACR is Medium and the Plugin Output indicates that the antivirus solution, while installed, is not running and may no longer be supported.
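The same triage can be done offline over an exported findings file. The Python below is an added example, not Tenable code: the CSV column names, the sample rows and the "not running" marker are assumptions constructed for illustration, while the plugin IDs are the ones listed on this page. It reports which antivirus plugins fired per host, which scanned hosts have no antivirus detection at all, and which hosts have output suggesting the product is installed but not running.

```python
import csv
import io
from collections import defaultdict

# Plugin IDs listed on this page (16193 is the primary antivirus check).
AV_PLUGINS = {16193, 84432, 136761, 170672, 131023, 112279, 131725,
              133962, 54845, 58951, 22419, 31857}

# Constructed sample export: column names, hosts and output text are
# assumptions for illustration, not real scan data. Plugin ID 99999 is a
# placeholder for any unrelated finding.
SAMPLE_CSV = """Plugin ID,Host,Name,Plugin Output
16193,10.0.0.5,Antivirus Software Check,"Product installed. Service status: not running"
131023,10.0.0.5,Windows Defender Installed,"Engine version: 1.1"
131725,10.0.0.6,Sophos Anti-Virus Installed (Windows),"Version: 10.8"
99999,10.0.0.7,Unrelated finding (constructed),"n/a"
99999,10.0.0.5,Unrelated finding (constructed),"n/a"
"""

def summarize(csv_text, markers=("not running",)):
    """Return (av_plugins_by_host, hosts_without_av, hosts_to_review)."""
    all_hosts, review = set(), set()
    av_by_host = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = (row.get("Host") or "").strip()
        if not host:
            continue  # row without a host cannot be attributed
        all_hosts.add(host)  # every scanned host, AV finding or not
        try:
            plugin_id = int(row.get("Plugin ID"))
        except (TypeError, ValueError):
            continue  # malformed or missing plugin ID
        if plugin_id not in AV_PLUGINS:
            continue
        av_by_host[host].add(plugin_id)
        output = (row.get("Plugin Output") or "").lower()
        # Assumed marker text; adjust to the wording in your own exports.
        if any(m in output for m in markers):
            review.add(host)
    no_av = sorted(all_hosts - set(av_by_host))
    return dict(av_by_host), no_av, sorted(review)

if __name__ == "__main__":
    by_host, no_av, review = summarize(SAMPLE_CSV)
    for host, plugins in sorted(by_host.items()):
        print(host, "antivirus plugins:", sorted(plugins))
    print("No antivirus detection:", no_av)
    print("Installed but flagged for review:", review)
```

A host appearing under "No antivirus detection" only means none of the listed plugins reported on it in this export; confirm that the scan was credentialed before treating it as unprotected.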