From c79662158d10271ee75cb5bc5350a556df98fa7e Mon Sep 17 00:00:00 2001
From: Guillaume Bougard <gbougard@teclib.com>
Date: Mon, 17 Feb 2025 17:32:59 +0100
Subject: [PATCH] fix: Update to support Windows Defender AV inventory on
 Windows Server

---
 lib/GLPI/Agent/Task/Inventory/Win32/AntiVirus.pm | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/lib/GLPI/Agent/Task/Inventory/Win32/AntiVirus.pm b/lib/GLPI/Agent/Task/Inventory/Win32/AntiVirus.pm
index 3991c51ab..fd4ed007a 100644
--- a/lib/GLPI/Agent/Task/Inventory/Win32/AntiVirus.pm
+++ b/lib/GLPI/Agent/Task/Inventory/Win32/AntiVirus.pm
@@ -68,7 +68,7 @@ sub doInventory {
 
             # Also support WMI access to Windows Defender
             if (!$antivirus->{VERSION} && $antivirus->{NAME} =~ /Windows Defender/i) {
-                &_setWinDefenderInfos($antivirus, $logger, "");
+                &_setWinDefenderInfos($antivirus);
                 $found_enabled++ if $antivirus->{ENABLED};
             }
 
@@ -133,7 +133,6 @@ sub doInventory {
             # Windows Defender support, path key is not set as it depends on installed version string
             name    => "Windows Defender",
             service => "WinDefend",
-            command => "MsMpEng.exe",
             func    => \&_setWinDefenderInfos,
         }, {
             # Cortex XDR support
@@ -174,6 +173,8 @@ sub doInventory {
                     my ($path) = $service->{PATHNAME} =~ /^"/ ?
                         $service->{PATHNAME} =~ /^"([^"]+)\"/ :
                         $service->{PATHNAME} =~ /^(\S+)/ ;
+                    # Remove filename part
+                    ($path) = $path =~ /^(.*)[\\][^\\]+$/ if !has_folder($path) && $path =~ /\\[^\\]+$/;
                     push @path, $path if $path;
                 }
                 push @path, ref($support->{path}) ? @{$support->{path}} : $support->{path}
@@ -187,6 +188,8 @@ sub doInventory {
                     &{$support->{func}}($antivirus, $logger, $cmd);
                     last;
                 }
+            } elsif ($support->{func}) {
+                &{$support->{func}}($antivirus);
             }
 
             # avoid duplicates
@@ -228,7 +231,7 @@ sub _getAntivirusUninstall {
 }
 
 sub _setWinDefenderInfos {
-    my ($antivirus, $logger, $command) = @_;
+    my ($antivirus) = @_;
 
     my $defender;
     # Don't try to access Windows Defender class if not enabled as
@@ -250,11 +253,6 @@ sub _setWinDefenderInfos {
         $antivirus->{BASE_VERSION} = $defender->{AntivirusSignatureVersion}
             if $defender->{AntivirusSignatureVersion};
     }
-    unless ($antivirus->{VERSION} || empty($command)) {
-        my ($version) = $command =~ m{/([0-9.]+)[-/]};
-        $antivirus->{VERSION} = $version
-            unless empty($version);
-    }
     $antivirus->{COMPANY} = "Microsoft Corporation";
     # Finally try registry for base version
     if (!$antivirus->{BASE_VERSION}) {