
Does anyone know if Action/Security Center uses a registry key (or file) to determine whether or not to notify the user that no virus protection is installed? I'm not trying to turn off notifications, I'm simply trying to figure out an easy and accurate way to determine if any anti-virus is installed and hopefully the name of the AV as well.

This can't be something accessed through WMI or similar services as I only have access to the registry and files (using samba).

  • There are different mechanisms for interfacing with the WSC, depending on the OS version, and all are under NDA. Not even sure I'm allowed to say that in particular, but ooops now I did :) ... none is via the registry. Commented Mar 6, 2013 at 1:35
  • "This can't be something accessed through WMI or similar services" - Too bad, else something like WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List would have done the trick.
    – Karan
    Commented Mar 6, 2013 at 23:05
  • @Karan well, that may end up helping, thanks. After I accepted the fact that I wouldn't be able to find it in the registry or a file, I did a little research and found that samba has some WMI support (or maybe it's a fork of samba). So if I ever get time I'll have to build this support into my product.
    – Eric
    Commented Mar 6, 2013 at 23:10

1 Answer


It appears that Microsoft has since opened up parts of it. It's not via the registry, but it's a crude way of getting the state of the AV, provided it interfaces with the WSC. This means it requires some programming (which is sort of out-of-scope for SuperUser but rather for StackOverflow), though.

WscRegisterForChanges allows you to register a routine that will get called when the WSC state changes. But the state information is rather crude:

  • WSC_SECURITY_PROVIDER_HEALTH_GOOD
  • WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED
  • WSC_SECURITY_PROVIDER_HEALTH_POOR
  • WSC_SECURITY_PROVIDER_HEALTH_SNOOZE

As you can see there is no way to get the name of the AV, for example. Not even how current the AV signatures are is a metric available this way.

It may be possible to use WMI to query some of that information (see the previously linked StackOverflow Q&A), but at least the API for AV vendors has switched away from WMI (Vista) to COM (7 SP1?). Doesn't mean that the respective information isn't available via WMI, however.

PS: this information isn't exactly what was asked (not via registry), but it's the closest one can get these days, so I am posting it as Community Wiki.
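The two supported routes mentioned in this thread (the WSC health API from the answer and the root/SecurityCenter2 WMI class from Karan's comment), shown together as an added example that is not part of the original answer. It assumes Windows 8 or later, where wscapi.dll exports WscGetSecurityProviderHealth and the provider flag and health values below are declared in wscapi.h; the root/SecurityCenter2 namespace is assumed to exist only on client SKUs, so its absence is reported rather than treated as "no AV". This does not satisfy the registry/samba-only constraint in the question; it only makes concrete what the WSC route can and cannot tell you.

```powershell
# Added example, not from the original answer.
# Queries the Windows Security Center health state for the antivirus provider
# through the public wscapi.dll export, then lists AV products registered in
# root/SecurityCenter2 where that namespace exists. Assumes Windows 8+ and
# PowerShell 3+ (assumption: WscGetSecurityProviderHealth and the constants
# below are as declared in wscapi.h).

Add-Type -Namespace Wsc -Name Native -MemberDefinition @'
[DllImport("wscapi.dll", ExactSpelling = true)]
public static extern int WscGetSecurityProviderHealth(uint providers, out int health);
'@

# Provider flag and health values as declared in wscapi.h (assumed)
$WSC_SECURITY_PROVIDER_ANTIVIRUS = 4
$HealthNames = @{
    0 = 'WSC_SECURITY_PROVIDER_HEALTH_GOOD'
    1 = 'WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED'
    2 = 'WSC_SECURITY_PROVIDER_HEALTH_POOR'
    3 = 'WSC_SECURITY_PROVIDER_HEALTH_SNOOZE'
}

function Get-WscAntivirusHealth {
    $health = 0
    $hr = [Wsc.Native]::WscGetSecurityProviderHealth($WSC_SECURITY_PROVIDER_ANTIVIRUS, [ref]$health)
    if ($hr -ne 0) {
        throw ("WscGetSecurityProviderHealth failed, HRESULT 0x{0:X8}" -f $hr)
    }
    # NOTMONITORED is the state you get when no AV has registered with WSC at all;
    # GOOD/POOR/SNOOZE only tell you the state of whatever product did register.
    [pscustomobject]@{
        Provider = 'ANTIVIRUS'
        Health   = $HealthNames[$health]
        RawValue = $health
    }
}

function Get-WscAntivirusProducts {
    # The WSC API above cannot return a product name; the WMI class can, but the
    # namespace is absent on Server SKUs, so distinguish "not available" from "none".
    try {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
            Select-Object displayName, pathToSignedProductExe
    } catch {
        Write-Warning "root/SecurityCenter2 is not available on this host: $($_.Exception.Message)"
    }
}

Get-WscAntivirusHealth
Get-WscAntivirusProducts
```

Run it in an elevated or standard PowerShell session on the host itself; a NOTMONITORED health value combined with an empty AntiVirusProduct listing is the closest supported signal that no WSC-registered AV is present, while a product listed with GOOD health says nothing about signature age, as the answer notes.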
