General Programming Discussions Talk about programming, tools and compilers here.

InterN0T Affiliates:
EvilZonepy1337

SirCapsAlot.NET

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 19th January 2010, 21:33
Tsukasa's Avatar
-=Ninja Pirate=-
 
Join Date: Jun 2008
Location: ::1
Posts: 457
Rep Power: 11
Reputation: 287
Tsukasa is a light in the darkTsukasa is a light in the darkTsukasa is a light in the dark
M$ security center

What I am trying to achieve here is to pull from m$ security center is the name of the antivirus that reports to it and if the database is up to date or not.

Anyone have any info how to do such a thing. Can be any Lang. C++, vb, c#

Needing it to work with xp, vista, 7, server 03, server 08

read a little about wmi but the few things I read it won't work in vista+ they changed it so they had to use certain APIs that aren't released to the public.

Thanks in advance
__________________
"...a computer is a stupid machine with the ability to do incredibly
smart things, while computer programmers are smart people with the
ability to do incredibly stupid things. They are, in short, a perfect
match".
Reply With Quote
  #2  
Old 20th January 2010, 13:02
MaXe's Avatar
The BOFH
 
Join Date: Jun 2008
Location: Sweden - Ljusdal
Posts: 2,718
Blog Entries: 31
Rep Power: 10
Reputation: 146
MaXe will become a Token soonMaXe will become a Token soon
Re: M$ security center

Are we talking about the Security Center for the Servers or Home-Users?

I guess you're talking about application that I always turn completely off xD

I am not sure though I look forward to see what you're programming, most
likely an app which can make it look like the computer is safe I guess? :-P
__________________
Code:
                                ____/____\_________________
                      \|/      | OMG IT'S TEH LEET STORY!! |
    /*\         /\    -*-      |______  ________/\_________|
   // \\       /  \   /|\        /    \/    \  /  \
  /// \\\     /    \            /            \/    \
   // \\     /      \          /      \o/     \     \
    | |     /        \        /        |       \     \
 ___| |____/          \______/________/ \_______\_____\_________
          /     o      \
               #"=-
               /\
 __________________________________________________________
    On a mission, to find the lost member of Teh Unkwon.. 
Reply With Quote
  #3  
Old 20th January 2010, 15:58
Tsukasa's Avatar
-=Ninja Pirate=-
 
Join Date: Jun 2008
Location: ::1
Posts: 457
Rep Power: 11
Reputation: 287
Tsukasa is a light in the darkTsukasa is a light in the darkTsukasa is a light in the dark
Re: M$ security center

Home users and no evol intensions.

It would be used with the zabbix agent sender to report to my servers if a computer has any protection and if so if it's up to date.
__________________
"...a computer is a stupid machine with the ability to do incredibly
smart things, while computer programmers are smart people with the
ability to do incredibly stupid things. They are, in short, a perfect
match".
Reply With Quote
  #4  
Old 20th January 2010, 22:39
Norph's Avatar
 
Join Date: Oct 2009
Location: Denmark
Posts: 235
Blog Entries: 1
Rep Power: 2
Reputation: 34
Norph is on the way to become something
Re: M$ security center

(EDIT: Oh darn, apparently I didn't notice that you wanted it to work on Vista etc. Well... I hope you can use it anyways)
This vbscript should get the data from WMI. I believe that it's non-functional in Vista SP1 and Windows Server 2008 and newer, perhaps. I don't have a windows box near me, so I don't really know if it works at all. Worth a shot I guess. :)

Code:
strComputer = "."
    
Set oWMI = GetObject( _
  "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter")
  
Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

For Each objItem in colItems
  With objItem
    WScript.Echo .companyName
    WScript.Echo .displayName
    WScript.Echo .instanceGuid
    WScript.Echo .onAccessScanningEnabled
    WScript.Echo .pathToSignedProductExe
    WScript.Echo .productHasNotifiedUser
    WScript.Echo .productState
    WScript.Echo .productUptoDate
    WScript.Echo .productWantsWscNotifications
    WScript.Echo .versionNumber  
  End With
Next
Here's som C# code to do, pretty much, the same.

Code:
 private string Antivirus(string type) 
{
    string computer = Environment.MachineName;
    string wmipath = @"\\" + computer + @"\root\SecurityCenter"; 
    try 
    {
        ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipath,"SELECT * FROM AntivirusProduct");
        ManagementObjectCollection instances = searcher.Get();
        //MessageBox.Show(instances.Count.ToString());
        foreach (ManagementObject queryObj in instances) 
        {
            return queryObj[type].ToString();
        }
    } 
    catch (Exception e)
    {
        MessageBox.Show(e.Message);
    }
    
    return null;
}
__________________
Men have two emotions: Hungry and Horny. If you see him without an erection, make him a sandwich.

Last edited by Norph; 20th January 2010 at 22:44.
Reply With Quote
  #5  
Old 21st January 2010, 01:26
Tsukasa's Avatar
-=Ninja Pirate=-
 
Join Date: Jun 2008
Location: ::1
Posts: 457
Rep Power: 11
Reputation: 287
Tsukasa is a light in the darkTsukasa is a light in the darkTsukasa is a light in the dark
Re: M$ security center

Ya it won't work for anything "newer" m$ decided to only release the ability for such reporting to the AV companies. I have WMI code already but trying to find a way of pulling the newer stuff out of the center or any other work around to detect what AV is installed and if the database is current or not.

I can think of a very long way to do it but I really don't wanna do it that way. The check or this or this or this. Look in these files for database versions, connect to AV's site and pull latest DB ..etc

UPDATE:
----------
I believe I found what I need here
http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

I'll have to keep in my WMI check for xp clients but thats no big deal.
__________________
"...a computer is a stupid machine with the ability to do incredibly
smart things, while computer programmers are smart people with the
ability to do incredibly stupid things. They are, in short, a perfect
match".

Last edited by Tsukasa; 21st January 2010 at 07:16.
Reply With Quote
  #6  
Old 22nd January 2010, 00:58
Norph's Avatar
 
Join Date: Oct 2009
Location: Denmark
Posts: 235
Blog Entries: 1
Rep Power: 2
Reputation: 34
Norph is on the way to become something
Re: M$ security center

Ic. If you get some code done, please post as I'm actually interested ;)
Sorry I couldn't help more than my sneaky msdn searches.
__________________
Men have two emotions: Hungry and Horny. If you see him without an erection, make him a sandwich.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security-Pro's busted for bad security at Black Hat MaXe Security News and Feeds 0 9th August 2008 11:25


All times are GMT +2. The time now is 05:42.
Copyright ©2007 - Forever, InterN0T & Teh Unkwon

Hosted by 1and1