Microsoft Security Essentials/Antimalware
Symantec Endpoint Protection
Once you have a shell, run the post module.
The module indicates that Microsoft Security Essentials is installed and there are a few excluded locations configured. Let's try to upload a known malicious binary to this machine in a non-excluded location.
We can see that we successfully uploaded WCE, but when trying to execute it, AV flags and deletes it.
Now when we try to upload and execute the same binary from one of the excluded locations...
AV leaves us alone.
I suppose this could also be useful to admins who want to audit these configurations as well ;)
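For the audit use mentioned above, here is an added example (not part of the original post or of the module) that reviews an exported exclusion list and flags entries that deserve a second look. The prefix list, the variable list and the sample entries are assumptions constructed for illustration.

```python
import ntpath

# Assumed (not from the page): directories that standard users can usually
# write to on a typical Windows host. Adjust to your own build.
USER_WRITABLE_PREFIXES = (r"c:\users", r"c:\windows\temp", r"c:\temp")
# Assumed: per-user variables that expand to user-writable locations.
ENV_HINTS = ("%temp%", "%tmp%", "%appdata%", "%localappdata%", "%userprofile%")


def normalize(path):
    """Strip quotes, collapse separators and trailing backslashes, lower-case."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def audit_exclusion(path):
    """Return the reasons an exclusion deserves review (empty list = none found)."""
    p = normalize(path)
    reasons = []
    drive, rest = ntpath.splitdrive(p)
    if drive and rest in ("", "\\"):
        reasons.append("whole drive excluded")
    if "*" in p or "?" in p:
        reasons.append("wildcard widens the exclusion")
    if any(hint in p for hint in ENV_HINTS):
        reasons.append("per-user variable expands to a user-writable path")
    if any(p == pre or p.startswith(pre + "\\") for pre in USER_WRITABLE_PREFIXES):
        reasons.append("under a directory standard users can usually write to")
    return reasons


def audit(exclusions):
    """Map each flagged exclusion to its reasons; clean entries are omitted."""
    findings = {}
    for entry in exclusions:
        reasons = audit_exclusion(entry)
        if reasons:
            findings[entry] = reasons
    return findings


# Constructed sample standing in for an exported exclusion list.
SAMPLE = [
    r"C:\Program Files\BackupAgent\db",
    r"C:\Users\Public\Scratch",
    "D:\\",
    r"%TEMP%\build\*.tmp",
    "C:\\Windows\\Temp\\",
]

if __name__ == "__main__":
    for entry, reasons in audit(SAMPLE).items():
        print(entry, "->", "; ".join(reasons))
```

An entry that is flagged is not necessarily wrong; it is a prompt to confirm who can write to that location and whether the exclusion is still needed.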