{"id":533562,"date":"2025-09-29T11:53:52","date_gmt":"2025-09-29T11:53:52","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&p=533562"},"modified":"2025-09-29T11:53:52","modified_gmt":"2025-09-29T11:53:52","slug":"supprimer-les-entrees-antivirus-orphelines-avec-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/fr\/script-hub\/supprimer-les-entrees-antivirus-orphelines-avec-powershell\/","title":{"rendered":"Comment supprimer les entr\u00e9es antivirus orphelines du Centre de s\u00e9curit\u00e9 Windows avec PowerShell"},"content":{"rendered":"

Il est essentiel de conserver un enregistrement propre et pr\u00e9cis des logiciels install\u00e9s pour assurer la visibilit\u00e9 des terminaux, les audits de conformit\u00e9 et l’int\u00e9grit\u00e9 du syst\u00e8me. Pourtant, il n’est pas rare que les entreprises rencontrent des entr\u00e9es antivirus \u00ab\u00a0orphelines\u00a0\u00bb dans le Centre de s\u00e9curit\u00e9 Windows, entr\u00e9es qui persistent m\u00eame apr\u00e8s la suppression de l’antivirus. Ces enregistrements trompeurs peuvent \u00eatre source de confusion, de fausses d\u00e9clarations et d’efforts de rem\u00e9diation inutiles. C’est l\u00e0 que le script PowerShell intervient en tant qu’outil puissant pour automatiser et optimiser le processus de nettoyage.<\/p>\n

Dans cet article, nous verrons comment les professionnels de l’informatique peuvent utiliser des scripts PowerShell pour supprimer les entr\u00e9es orphelines du Centre de s\u00e9curit\u00e9 Windows. Ce script garantit que seules les solutions antivirus r\u00e9ellement d\u00e9sinstall\u00e9es sont \u00e9limin\u00e9es, ce qui r\u00e9duit les efforts manuels et le risque d’erreur humaine.<\/p>\n

Contexte<\/h2>\n

Les solutions antivirus s’enregistrent souvent dans le Centre de s\u00e9curit\u00e9 Windows pour des raisons de visibilit\u00e9 et d’int\u00e9gration avec les outils de surveillance de l’\u00e9tat du syst\u00e8me. Cependant, les processus de d\u00e9sinstallation ne suppriment pas toujours proprement ces enregistrements. Par cons\u00e9quent, les fournisseurs de services g\u00e9r\u00e9s (MSP)<\/a> et les administrateurs informatiques peuvent rencontrer des entr\u00e9es p\u00e9rim\u00e9es indiquant qu’un logiciel antivirus obsol\u00e8te prot\u00e8ge toujours un syst\u00e8me.<\/p>\n

Ces entr\u00e9es orphelines peuvent interf\u00e9rer avec les rapports de conformit\u00e9 ou d\u00e9clencher des faux positifs dans les plateformes de surveillance et de gestion \u00e0 distance (RMM) telles que NinjaOne<\/a>. En automatisant la validation et le nettoyage de ces entr\u00e9es, les \u00e9quipes informatiques peuvent pr\u00e9server la pr\u00e9cision et l’efficacit\u00e9 de leurs environnements.<\/p>\n

Le script<\/h2>\n
#Requires -Version 5.1\r\n\r\n<#\r\n.SYNOPSIS\r\n    Remove a specified Security Center entry if the antivirus is not installed. You can get the antivirus name\/Security Center entry in Ninja by navigating to Details > Antivirus.\r\n.DESCRIPTION\r\n    Remove a specified Security Center entry if the antivirus is not installed. You can get the antivirus name\/Security Center entry in Ninja by navigating to Details > Antivirus.\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n.EXAMPLE\r\n    -AntivirusName \"VIPRE Business Agent\"\r\n    Checking Add and Remove Programs for 'VIPRE Business Agent'.\r\n    Verifying that 'VIPRE Business Agent' does not exist at path 'C:\\Program Files\\VIPRE Business Agent\\SBAMWSC.EXE'.\r\n    Verifying that 'VIPRE Business Agent' does not exist at path 'C:\\Program Files\\VIPRE Business Agent\\ViprePPLSvc.exe'.\r\n    Removing 'VIPRE Business Agent' from the Security Center.\r\n    Successfully removed 'VIPRE Business Agent' from the Security Center.\r\n\r\nPARAMETER: -AntivirusName \"ReplaceMeWithTheNameOfTheAntivirusToRemove\"\r\n    Specify the name of the Security Center entry you would like to remove.\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes: Initial Release\r\n#>\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$AntivirusName\r\n)\r\n\r\nbegin {\r\n    # If script form variables are used, replace the command line parameters with their value.\r\n    if ($env:antivirusName -and $env:antivirusName -notlike \"null\") { $AntivirusName = $env:antivirusName }\r\n\r\n    function Test-IsServer {\r\n        # Determine the method to retrieve the operating system information based on PowerShell version\r\n        try {\r\n            $OS = if ($PSVersionTable.PSVersion.Major -lt 5) {\r\n                Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop\r\n            }\r\n            else {\r\n                Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop\r\n            }\r\n        }\r\n        catch {\r\n            Write-Host -Object \"[Error] Unable to validate whether or not this device is a server.\"\r\n            Write-Host -Object \"[Error] $($_.Exception.Message)\"\r\n            exit 1\r\n        }\r\n    \r\n        # Check if the ProductType is \"2\" or \"3\", which indicates that the system is a server\r\n        if ($OS.ProductType -eq \"2\" -or $OS.ProductType -eq \"3\") {\r\n            return $true\r\n        }\r\n    }\r\n\r\n    # If the script is run on a server, display an error message and exit\r\n    if (Test-IsServer) {\r\n        Write-Host -Object \"[Error] The Windows Security Center is not present on Windows Server.\"\r\n        exit 1\r\n    }\r\n\r\n    # If $AntivirusName exists, trim any leading or trailing whitespace.\r\n    if ($AntivirusName) {\r\n        $AntivirusName = $AntivirusName.Trim()\r\n    }\r\n\r\n    # If $AntivirusName is still not set or empty after the previous checks, display an error and exit the script.\r\n    if (!$AntivirusName) {\r\n        Write-Host -Object \"[Error] Please provide a valid antivirus name.\"\r\n        exit 1\r\n    }\r\n\r\n    # Try to retrieve the Security Center entries for antivirus products\r\n    try {\r\n        $SecurityCenterEntries = Get-WmiObject -Namespace \"root\\SecurityCenter2\" -ClassName \"AntiVirusProduct\" -ErrorAction Stop\r\n    }\r\n    catch {\r\n        # If there is an error retrieving the Security Center entries, output an error message and exit the script.\r\n        Write-Host -Object \"[Error] Failed to retrieve any antivirus entries from the Security Center.\"\r\n        Write-Host -Object \"[Error] $($_.Exception.Message)\"\r\n        exit 1\r\n    }\r\n\r\n    # Check if no Security Center entries were found or if the number of entries is less than 1, then output an error and exit.\r\n    if (!$SecurityCenterEntries -or ($SecurityCenterEntries.displayName | Measure-Object | Select-Object -ExpandProperty Count) -lt 1) {\r\n        Write-Host -Object \"[Error] No antivirus entries found in the Security Center.\"\r\n        exit 1\r\n    }\r\n\r\n    # Check if the antivirus name provided does not exist in the Security Center entries.\r\n    if ($SecurityCenterEntries.displayName -notcontains $AntivirusName) {\r\n        Write-Host -Object \"[Error] An invalid antivirus name was specified. Please specify one of the following valid antivirus names: \" -NoNewline\r\n        Write-Host -Object $SecurityCenterEntries.displayName -Separator \", \"\r\n        exit 1\r\n    }\r\n\r\n    function Find-InstallKey {\r\n        [CmdletBinding()]\r\n        param (\r\n            [Parameter(ValueFromPipeline = $True)]\r\n            [String]$DisplayName,\r\n            [Parameter()]\r\n            [Switch]$UninstallString,\r\n            [Parameter()]\r\n            [String]$UserBaseKey\r\n        )\r\n        process {\r\n            # Initialize a list to store found installation keys\r\n            $InstallList = New-Object System.Collections.Generic.List[Object]\r\n    \r\n            # If no custom user base key is provided, search in the standard HKLM paths\r\n            if (!$UserBaseKey) {\r\n                # Search in the 32-bit uninstall registry key and add results to the list\r\n                $Result = Get-ChildItem -Path \"Registry::HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*\" | Get-ItemProperty | Where-Object { $_.DisplayName -like \"*$DisplayName*\" }\r\n                if ($Result) { $InstallList.Add($Result) }\r\n    \r\n                # Search in the 64-bit uninstall registry key and add results to the list\r\n                $Result = Get-ChildItem -Path \"Registry::HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*\" | Get-ItemProperty | Where-Object { $_.DisplayName -like \"*$DisplayName*\" }\r\n                if ($Result) { $InstallList.Add($Result) }\r\n            }\r\n            else {\r\n                # If a custom user base key is provided, search in the corresponding Wow6432Node path and add results to the list\r\n                $Result = Get-ChildItem -Path \"$UserBaseKey\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*\" | Get-ItemProperty | Where-Object { $_.DisplayName -like \"*$DisplayName*\" }\r\n                if ($Result) { $InstallList.Add($Result) }\r\n    \r\n                # Search in the custom user base key for the standard uninstall path and add results to the list\r\n                $Result = Get-ChildItem -Path \"$UserBaseKey\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*\" | Get-ItemProperty | Where-Object { $_.DisplayName -like \"*$DisplayName*\" }\r\n                if ($Result) { $InstallList.Add($Result) }\r\n            }\r\n    \r\n            # If the UninstallString switch is set, return only the UninstallString property of the found keys\r\n            if ($UninstallString) {\r\n                $InstallList | Select-Object -ExpandProperty UninstallString -ErrorAction SilentlyContinue\r\n            }\r\n            else {\r\n                $InstallList\r\n            }\r\n        }\r\n    }    \r\n    \r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    if (!$ExitCode) {\r\n        $ExitCode = 0\r\n    }\r\n}\r\nprocess {\r\n    # Check if the script is being run with elevated (administrator) privileges.\r\n    if (!(Test-IsElevated)) {\r\n        Write-Host -Object \"[Error] Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Inform the user that the script is checking Add and Remove Programs for the specified antivirus.\r\n    Write-Host -Object \"Checking Add and Remove Programs for '$AntivirusName'.\"\r\n\r\n    # Call the Find-InstallKey function to check if the antivirus is installed by its display name.\r\n    $IsInstalled = Find-InstallKey -DisplayName $AntivirusName\r\n\r\n    # If the antivirus is found to be installed, display an error and exit the script.\r\n    if ($IsInstalled) {\r\n        Write-Host -Object \"[Error] '$AntivirusName' is currently installed. Unable to remove the entry from the Security Center.\"\r\n        exit 1\r\n    }\r\n\r\n    # Retrieve the Security Center entries that match the specified antivirus name.\r\n    $EntryToRemove = $SecurityCenterEntries | Where-Object { $_.displayName -like $AntivirusName }\r\n\r\n    # Loop through the matched Security Center entries to process each one.\r\n    $EntryToRemove | ForEach-Object {\r\n        # Retrieve the paths for the signed product executable and reporting executable.\r\n        $SignedExe = $_.pathToSignedProductExe\r\n        $SignedReportingExe = $_.pathToSignedReportingExe\r\n\r\n        if ($SignedExe) {\r\n            Write-Host -Object \"Verifying that '$AntivirusName' does not exist at path '$SignedExe'.\"\r\n        }\r\n\r\n        # If the signed product executable path contains environment variables (denoted by '%' signs), attempt to expand them to their full path using the Environment class.\r\n        if ($SignedExe -and $SignedExe -match '%.*%') {\r\n            try {\r\n                $ErrorActionPreference = \"Stop\"\r\n                $SignedExe = [Environment]::ExpandEnvironmentVariables($SignedExe)\r\n                $ErrorActionPreference = \"Continue\"\r\n            }\r\n            catch {\r\n                Write-Host -Object \"[Error] Failed to expand environment variable in '$($_.pathToSignedProductExe)'.\"\r\n                Write-Host -Object \"[Error] $($_.Exception.Message)\"\r\n                exit 1\r\n            }\r\n        }\r\n\r\n        # If the path for the signed reporting executable exists, print a message indicating the verification of its presence.\r\n        if ($SignedReportingExe) {\r\n            Write-Host -Object \"Verifying that '$AntivirusName' does not exist at path '$SignedReportingExe'.\"\r\n        }\r\n        \r\n        # If the signed reporting executable path contains environment variables, attempt to expand them.\r\n        if ($SignedReportingExe -and $SignedReportingExe -match '%.*%') {\r\n            try {\r\n                $ErrorActionPreference = \"Stop\"\r\n                $SignedReportingExe = [Environment]::ExpandEnvironmentVariables($SignedReportingExe)\r\n                $ErrorActionPreference = \"Continue\"\r\n            }\r\n            catch {\r\n                Write-Host -Object \"[Error] Failed to expand environment variable in '$($_.pathToSignedReportingExe)'.\"\r\n                Write-Host -Object \"[Error] $($_.Exception.Message)\"\r\n                exit 1\r\n            }\r\n        }\r\n        \r\n        # If the signed product executable still exists at the expanded path, output an error and exit the script.\r\n        if ($SignedExe -and (Test-Path -Path $SignedExe -ErrorAction SilentlyContinue)) {\r\n            Write-Host -Object \"[Error] '$AntivirusName' is currently installed at '$SignedExe'. Unable to remove the entry.\"\r\n            exit 1\r\n        }\r\n\r\n        # If the signed reporting executable still exists at the expanded path, output an error and exit the script.\r\n        if ($SignedReportingExe -and (Test-Path -Path $SignedReportingExe -ErrorAction SilentlyContinue)) {\r\n            Write-Host -Object \"[Error] '$AntivirusName' is currently installed at '$SignedReportingExe'. Unable to remove the entry.\"\r\n            exit 1\r\n        }\r\n    }\r\n\r\n    # After verifying that the antivirus is not installed at the specified paths, proceed to remove the entries from the Security Center.\r\n    Write-Host -Object \"Removing '$AntivirusName' from the Security Center\"\r\n\r\n    # Loop through each entry in $EntryToRemove and attempt to delete it.\r\n    $EntryToRemove | ForEach-Object {\r\n        try {\r\n            $ErrorActionPreference = \"Stop\"\r\n            $_.Delete()\r\n            $ErrorActionPreference = \"Continue\"\r\n\r\n            Write-Host -Object \"Successfully removed '$AntivirusName' from the Security Center.\"\r\n        }\r\n        catch {\r\n            Write-Host -Object \"[Error] Failed to remove '$AntivirusName' from the Security Center.\"\r\n            Write-Host -Object \"[Error] $($_.Exception.Message)\"\r\n            exit 1\r\n        }\r\n    }\r\n\r\n    exit $ExitCode\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n
 <\/p>\n\n
Description d\u00e9taill\u00e9e<\/h2>\n
Ce script est con\u00e7u pour supprimer des entr\u00e9es antivirus orphelines sp\u00e9cifiques du Centre de s\u00e9curit\u00e9 Windows, mais uniquement apr\u00e8s avoir v\u00e9rifi\u00e9 que le logiciel n’est plus install\u00e9.<\/p>\n
Voici une pr\u00e9sentation d\u00e9taill\u00e9e de son fonctionnement :<\/p>\n
Validation des param\u00e8tres et contr\u00f4le du serveur<\/h3>\n
Le script commence par capturer le nom de l’antivirus \u00e0 partir de la ligne de commande ou des variables d’environnement. Il s’arr\u00eate imm\u00e9diatement s’il est ex\u00e9cut\u00e9 sur un serveur Windows, car le centre de s\u00e9curit\u00e9 n’existe pas dans ces environnements.<\/p>\n
R\u00e9cup\u00e9ration des entr\u00e9es existantes<\/h3>\n
Il interroge l’espace de noms WMI root\\SecurityCenter2<\/strong> pour r\u00e9cup\u00e9rer tous les produits antivirus actuellement enregistr\u00e9s.<\/p>\n
V\u00e9rification de l’antivirus<\/h3>\n
Le script v\u00e9rifie que le nom de l’antivirus fourni existe dans la liste du centre de s\u00e9curit\u00e9. Si ce n’est pas le cas, il affiche une liste d’options valides pour guider l’utilisateur.<\/p>\n
Contr\u00f4le de l’installation<\/h3>\n
Avant la suppression, il recherche les cl\u00e9s de d\u00e9sinstallation du registre pour s’assurer que l’antivirus n’est pas actuellement install\u00e9. Il v\u00e9rifie ensuite s’il reste des ex\u00e9cutables dans les chemins d’installation signal\u00e9s.<\/p>\n
Suppression d’entr\u00e9e<\/h3>\n
Une fois que toutes les v\u00e9rifications ont confirm\u00e9 que le logiciel a vraiment disparu, il proc\u00e8de \u00e0 la suppression de l’entr\u00e9e orpheline du centre de s\u00e9curit\u00e9 \u00e0 l’aide de la m\u00e9thode .Delete()<\/strong> sur l’objet WMI.<\/p>\n
Cas d’utilisation potentiels<\/h2>\n
Cas de figure\u00a0: Nettoyage \u00e0 distance d’un outil antivirus hors service<\/h3>\n
Un fournisseur de services g\u00e9r\u00e9s (MSP) d\u00e9ploie une nouvelle solution de protection des terminaux mais trouve des restes du produit pr\u00e9c\u00e9dent (VIPRE Business Agent) toujours list\u00e9s dans le Centre de s\u00e9curit\u00e9 Windows sur de nombreuses machines. Bien que d\u00e9sinstall\u00e9es, les entr\u00e9es persistent, induisant en erreur les rapports de conformit\u00e9.<\/p>\n
En utilisant ce script PowerShell via le module de script de NinjaOne, l’entreprise MSP automatise le nettoyage sur des centaines de terminaux. En quelques minutes, seules les entr\u00e9es antivirus valides sont conserv\u00e9es, ce qui am\u00e9liore la pr\u00e9cision du tableau de bord et la pr\u00e9paration \u00e0 l’audit.<\/p>\n
Comparaisons<\/h2>\n
Nettoyage manuel<\/h3>\n
La suppression manuelle de ces entr\u00e9es implique de multiples modifications du registre et des appels WMI, ce qui prend du temps et est source d’erreurs, en particulier sur de nombreux syst\u00e8mes.<\/p>\n
Utilisation d’outils tiers<\/h3>\n
Certains utilitaires tiers permettent de nettoyer les entr\u00e9es orphelines, mais ils ne proc\u00e8dent pas \u00e0 une v\u00e9rification granulaire ou n\u00e9cessitent une interaction \u00e9lev\u00e9e de la part de l’utilisateur. Ce script offre une alternative l\u00e9g\u00e8re, v\u00e9rifiable et automatis\u00e9e adapt\u00e9e aux environnements g\u00e9r\u00e9s.<\/p>\n
D\u00e9clencheurs de strat\u00e9gie RMM<\/h3>\n
Si certains RMM<\/a> peuvent signaler les outils antivirus inactifs, ils n’offrent g\u00e9n\u00e9ralement pas de capacit\u00e9s de nettoyage. Ce script compl\u00e8te ces alertes en proposant une rem\u00e9diation automatis\u00e9e.<\/p>\n
Questions fr\u00e9quentes<\/h2>\n
Q\u00a0: Que se passe-t-il si je l’ex\u00e9cute sur un serveur ?<\/h3>\n
Le script se termine pr\u00e9matur\u00e9ment en indiquant que le Centre de s\u00e9curit\u00e9 Windows n’est pas disponible sur les syst\u00e8mes d’exploitation serveur.<\/p>\n
Q\u00a0: Puis-je l’ex\u00e9cuter sans les privil\u00e8ges de l’administrateur ?<\/h3>\n
Non, le script n\u00e9cessite des droits \u00e9lev\u00e9s pour acc\u00e9der \u00e0 WMI et aux chemins d’acc\u00e8s au registre pour le nettoyage.<\/p>\n
Q\u00a0: Que faire si l’antivirus est encore partiellement install\u00e9 ?<\/h3>\n
Le script v\u00e9rifie les cl\u00e9s de registre et les chemins d’acc\u00e8s aux ex\u00e9cutables connus pour s’assurer qu’il a \u00e9t\u00e9 enti\u00e8rement d\u00e9sinstall\u00e9 avant de supprimer l’entr\u00e9e.<\/p>\n
Q\u00a0: Ce script peut-il \u00eatre int\u00e9gr\u00e9 \u00e0 NinjaOne ?<\/h3>\n
Oui, vous pouvez le d\u00e9ployer en tant que script personnalis\u00e9 via NinjaOne et m\u00eame introduire le nom de l’antivirus de mani\u00e8re dynamique via des variables d’environnement.<\/p>\n
Implications<\/strong><\/h2>\n
Refl\u00e9ter avec pr\u00e9cision l’\u00e9tat de sant\u00e9 d’un syst\u00e8me est primordial dans la gestion informatique moderne. Le fait de laisser des entr\u00e9es antivirus orphelines introduit du bruit, fausse l’analyse des donn\u00e9es et peut indiquer \u00e0 tort l’\u00e9tat de la protection aux utilisateurs finaux et aux administrateurs. En utilisant PowerShell pour appliquer l’hygi\u00e8ne dans le Centre de s\u00e9curit\u00e9, les \u00e9quipes informatiques renforcent l’int\u00e9grit\u00e9 de leurs syst\u00e8mes de surveillance et r\u00e9duisent la surface d’attaque caus\u00e9e par les erreurs de configuration.<\/p>\n
Recommandations<\/strong><\/h2>\n