remote antivirus fingerprint

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I know that some antivirus, like norton or pc-cillin keep a tcp port open while
active, for load update, make mail scan and so on.

I know also that it's possible with tool like nmap determine remotely what OS
and what service are running in a remote computer.

The question is:  it's possible detect remotely what brand of antivirus are
running in a remote machine ?
It's a potential vulnerability.

Site Timeline