Please use this script to generate an alert if an endpoint has its antivirus disabled or no antivirus installed.
Note: It will check the Windows defender antivirus status also.
This procedure supports the list of antivirus mentioned below:
10. Windows Defender
11. Bitdefender total and internet security
Run the script as custom monitoring script. Please refer this wiki guide to use custom monitoring script:
https://wiki.comodo.com/frontend/web/topic/how-to-use-custom-script-procedure-monitoring Run the Script as Custom monitoring