Are you seeing this on just a single machine or all your machines?

I can't reproduce the issue on any machines in my environment. The only permission that should be necessary for an account is that it's a member of the local administrators group on the system.

It may be an issue in WMI itself. You could try removing the AntimalwareInfectionStatus class and then recreating it.

To remove - From elevated PowerShell console:

Remove-WmiObject -Namespace "root\Microsoft\SecurityClient" -Class AntimalwareInfectionStatus

To recreate - From elevated command prompt:

mofcomp "C:\Program Files\Microsoft Security Client\AmStatusInstall.mof"

Sorry "Only" local administrator? that is not only, that is ALL permissions.

Local administrator is not a solution.

it seems this is impossible, which rights do I need to grant the service account that are running the call?

I also tryed PS remoting, to make the WMI call locally, but that give the same.

I have no issue with calling the other Classes in root\microsoft\securityclient.

I get this in the event log: (Source: Microsoft Security Client EventID: 2002)

There was an error 0x80070005 in creating the Antimalware Infection State WMI instance.

0x80070005 is Access denied.