问题
i have used WMI to detect that antivirus is present on OS, itz woking fine and display me information of antivirus like name and instance id on win xp and window7 by using Namespace:\root\SecurityCenter and \root\SecurityCenter, \root\Security.
if(isHLOSVersion( ))
hres = pLoc->ConnectServer( _bstr_t(L"root\\SecurityCenter2"),
// Object path of SecurityCenter
NULL, // User name. NULL = current user
NULL, // User password. NULL = current
0, // Locale. NULL indicates current
NULL, // Security flags.
0, // Authority (e.g. Kerberos)
0, // Context object
&pSvc // pointer to IWbemServices proxy
);
else
hres = pLoc->ConnectServer( _bstr_t(L"root\\SecurityCenter"),
// Object path of SecurityCenter
NULL, // User name. NULL = current user
NULL, // User password. NULL = current
0, // Locale. NULL indicates current
NULL, // Security flags.
0, // Authority (e.g. Kerberos)
0, // Context object
&pSvc // pointer to IWbemServices proxy
);
But in case of windows 2003 server and 2008 server 2003 server R2and 2008 server R2 these above namespace are not present so this is not working there.
Please let me know how can we detect that antivirus present or not windows 2003 server and 2008 server 2003 server R2and 2008 server R2 operating system.
回答1:
That namespace is not available on Windows Server platforms an I think it might be deprecated for Workstation (i.e. going away).
You can probably use WscGetSecurityProviderHealth() to get the same result.
See http://msdn.microsoft.com/en-us/library/bb432506.aspx
Here's my trivial sample that seems to work:
#define _WIN32_WINNT _WIN32_WINNT_WIN7
#include <Windows.h>
#include <Wscapi.h>
#include <iostream>
#pragma comment(lib, "Wscapi")
int main(int argc, char* argv[])
{
WSC_SECURITY_PROVIDER_HEALTH health;
const DWORD dwAntivirus(WSC_SECURITY_PROVIDER_ANTIVIRUS);
HRESULT hr = WscGetSecurityProviderHealth(dwAntivirus, &health);
if (FAILED(hr))
{
std::cerr << "Error " << std::hex
<< std::showbase << hr << "\n";
return -1;
}
switch (health)
{
case WSC_SECURITY_PROVIDER_HEALTH_GOOD:
std::cout << "Antivirus health is good\n";
return 0;
case WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED:
std::cout << "Antivirus health is not monitored\n";
return 1;
case WSC_SECURITY_PROVIDER_HEALTH_POOR:
std::cout << "Antivirus health is poor\n";
return 2;
case WSC_SECURITY_PROVIDER_HEALTH_SNOOZE:
std::cout << "Antivirus health is snooze\n";
return 3;
default:
std::cout << "Unexpected antivirus health value: "
<< std::hex << std::showbase
<< health << "\n";
return 4;
}
}
Update 9 Dec 2012
Alex points out (below) that this does not work on Windows Server, only on Workstation versions of Windows. On reflection, it occurs to me that it is probably deliberate and, in fact, probably for the best.
Do application programs really need to know the status of a server? Most security programs for servers have mechanisms to set alarms when they fail. An admin will monitor those alarms and fix what is broken. Application programs should simply behave as if security is fully operational.
If you really must know about a particular program, you can look for its exe name amongst the processes and see if the process is running and is consuming cpu (not hung). Beyond that you might need to work with the security program's vendor: they may have an API to query the program.
来源:https://stackoverflow.com/questions/4396757/how-to-detect-antivirus-installed-on-windows-2003-server-and-2008-server-2003-se