I have an application and I'm trying to make sure it's running in a secure environment. First of all, I check if Windows is genuine, which makes it more likely that the us
I think you can do most of this via WMI
Something like this:
// Requires: using System.Management; (and a reference to the System.Management assembly)
ManagementObjectSearcher wmiData = new ManagementObjectSearcher(@"root\SecurityCenter", "SELECT * FROM AntiVirusProduct");
ManagementObjectCollection data = wmiData.Get();
foreach (ManagementObject virusChecker in data)
{
    // This is the virus checker's name. The indexer returns object, so cast it to string.
    string virusCheckerName = (string)virusChecker["displayName"];
}
[You didn't mention what language, so the sample above is in C#, but WMI can be done from pretty much anything]
[Edit: You can do the same but with "FirewallProduct" instead for firewall info. Also, for the anti virus, you can look at the "productUptoDate" property on the results for info on if it's up to date]
The WMI reference should help you find the others. (1, 2, 3, and 4 I'm pretty certain are available through WMI. 5 I'm not so certain about, but I think it probably should be)
You'll probably find WMI Code Creator helpful for testing and figuring out what queries/objects you need to use. Also Scriptomatic and WMI Admin tools might be useful.
Since I was looking for a C++ way that does not depend on .NET, I mixed this answer with the MSDN example: Getting WMI Data from the Local Computer.
The commands that need to be changed in order to get the AV name are:
_bstr_t(L"ROOT\\CIMV2") to _bstr_t(L"ROOT\\SecurityCenter2"). Keep in mind that SecurityCenter2 is for Win 7, Vista SP2 and beyond according to this. Below Vista SP2, you need to use SecurityCenter.
bstr_t("SELECT * FROM Win32_OperatingSystem") to bstr_t("SELECT * FROM AntivirusProduct")
hr = pclsObj->Get(L"Name", 0, &vtProp, 0, 0); to hr = pclsObj->Get(L"displayName", 0, &vtProp, 0, 0);.
This changed code has been checked and is fully working.
For a simpler method you can always iterate over this algorithm and look for your AV by name.
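The two answers above combined into one query routine, as an added example that is not code from either answer: it tries root\SecurityCenter2 first and falls back to root\SecurityCenter, for both AntiVirusProduct and FirewallProduct. The class name SecurityProductQuery and the method ListProducts are hypothetical names chosen for this sketch, and reading productUptoDate only from the legacy namespace is an assumption based on the first answer.

```csharp
// Added example. Requires a reference to the System.Management assembly.
using System;
using System.Collections.Generic;
using System.Management;

static class SecurityProductQuery   // hypothetical name
{
    // Newer namespace first (Vista SP2 / Windows 7 and later, per the
    // second answer), then the legacy namespace used in the first answer.
    static readonly string[] Namespaces = { @"root\SecurityCenter2", @"root\SecurityCenter" };

    // Returns one line per registered product of the given WMI class
    // ("AntiVirusProduct" or "FirewallProduct").
    public static List<string> ListProducts(string wmiClass)
    {
        var results = new List<string>();
        foreach (string ns in Namespaces)
        {
            try
            {
                using (var searcher = new ManagementObjectSearcher(ns, "SELECT * FROM " + wmiClass))
                using (ManagementObjectCollection found = searcher.Get())
                {
                    foreach (ManagementObject product in found)
                    {
                        string line = ns + ": " + product["displayName"];
                        // Assumption: productUptoDate (named in the first answer) is
                        // read only for anti-virus entries in the legacy namespace.
                        if (ns.EndsWith("SecurityCenter") && wmiClass == "AntiVirusProduct")
                            line += " (up to date: " + product["productUptoDate"] + ")";
                        results.Add(line);
                    }
                }
                return results; // namespace exists; empty means nothing is registered
            }
            catch (ManagementException ex) when (ex.ErrorCode == ManagementStatus.InvalidNamespace
                                              || ex.ErrorCode == ManagementStatus.InvalidClass)
            {
                results.Clear(); // not available on this Windows version: try the next namespace
            }
        }
        return results;
    }

    static void Main()
    {
        foreach (string cls in new[] { "AntiVirusProduct", "FirewallProduct" })
            foreach (string line in ListProducts(cls))
                Console.WriteLine(cls + " -> " + line);
    }
}
```

The output reflects what products have registered with Windows Security Center, so treat it as a hint about the environment rather than proof that protection is active.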