According to http://support.microsoft.com/kb/883792 , MS can detect installed AV using either WMI or a manual method involving registry keys that MS knows about. Is there an API to access this functionality?
+1
A:
If you can't find documentation for it and you want to do some manual digging, you can try executing Process Monitor from SysInternals and then launch the Security Center. It'll show you what keys are read, and what files are accessed.
JRL
2009-04-28 16:04:22
+3
A:
This Google search yields this MSDN documentation which appears to be what you're looking for, the Windows Security Center API. The documentation says Vista only, but I believe this API is also available through the Windows XP SP2 SDK.
Not Sure
2009-04-28 21:34:59