#1  Tsukasa, 19th January 2010, 20:33
M$ security center

What I am trying to achieve here is to pull from the M$ Security Center the name of the antivirus that reports to it and whether the database is up to date or not.

Anyone have any info on how to do such a thing? Can be any language: C++, VB, C#.

Needing it to work with XP, Vista, 7, Server 03, Server 08.

I read a little about WMI, but from the few things I read it won't work in Vista+; they changed it so they had to use certain APIs that aren't released to the public.

Thanks in advance
__________________
"...a computer is a stupid machine with the ability to do incredibly
smart things, while computer programmers are smart people with the
ability to do incredibly stupid things. They are, in short, a perfect
match".
#2  MaXe, 20th January 2010, 12:02
Re: M$ security center

Are we talking about the Security Center for the Servers or Home-Users?

I guess you're talking about the application that I always turn completely off xD

I am not sure, though. I look forward to seeing what you're programming; most
likely an app which can make it look like the computer is safe, I guess? :-P
__________________

Quote:
Originally Posted by Norph
MaXe, I really doubt that you are able to browse ANY site more than 2 minutes before you start pwning it xD
#3  Tsukasa, 20th January 2010, 14:58
Re: M$ security center

Home users and no evol intentions.

It would be used with the Zabbix agent sender to report to my servers if a computer has any protection and, if so, if it's up to date.
#4  Norph, 20th January 2010, 21:39
Re: M$ security center

(EDIT: Oh darn, apparently I didn't notice that you wanted it to work on Vista etc. Well... I hope you can use it anyways)
This VBScript should get the data from WMI. I believe that it's non-functional in Vista SP1 and Windows Server 2008 and newer, perhaps. I don't have a Windows box near me, so I don't really know if it works at all. Worth a shot I guess. :)

Code:
' "." targets the local machine; replace with a host name for a remote query
strComputer = "."

' Connect to the Security Center WMI namespace
Set oWMI = GetObject( _
  "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter")

' One AntiVirusProduct instance per antivirus registered with Security Center
Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

' Print the properties of each registered product
For Each objItem in colItems
  With objItem
    WScript.Echo .companyName
    WScript.Echo .displayName
    WScript.Echo .instanceGuid
    WScript.Echo .onAccessScanningEnabled
    WScript.Echo .pathToSignedProductExe
    WScript.Echo .productHasNotifiedUser
    WScript.Echo .productState
    WScript.Echo .productUptoDate
    WScript.Echo .productWantsWscNotifications
    WScript.Echo .versionNumber
  End With
Next
Here's some C# code to do, pretty much, the same.

Code:
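// Needs references to System.Management.dll and System.Windows.Forms.dll.
using System;
using System.Management;
using System.Windows.Forms;

// Returns the requested property (for example "displayName") of the first
// AntivirusProduct instance in root\SecurityCenter, or null if none is found.
private string Antivirus(string type)
{
    string computer = Environment.MachineName;
    string wmipath = @"\\" + computer + @"\root\SecurityCenter";
    try
    {
        ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipath, "SELECT * FROM AntivirusProduct");
        ManagementObjectCollection instances = searcher.Get();
        //MessageBox.Show(instances.Count.ToString());
        foreach (ManagementObject queryObj in instances)
        {
            // Only the first registered product is reported.
            return queryObj[type].ToString();
        }
    }
    catch (Exception e)
    {
        // Query failures (missing namespace, access denied) end up here.
        MessageBox.Show(e.Message);
    }

    return null;
}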
__________________
I asked God for a bike, but I know God doesn't work that way. So I stole a bike and asked for forgiveness.

Last edited by Norph; 20th January 2010 at 21:44.
#5  Tsukasa, 21st January 2010, 00:26
Re: M$ security center

Ya, it won't work for anything "newer"; M$ decided to only release the ability for such reporting to the AV companies. I have WMI code already, but I'm trying to find a way of pulling the newer stuff out of the center, or any other workaround to detect what AV is installed and if the database is current or not.

I can think of a very long way to do it, but I really don't wanna do it that way. Check for this or this or this. Look in these files for database versions, connect to the AV's site and pull the latest DB, etc.

UPDATE:
----------
I believe I found what I need here
http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

I'll have to keep in my WMI check for XP clients, but that's no big deal.

Last edited by Tsukasa; 21st January 2010 at 06:16.
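
The split discussed in this thread (a legacy WMI check for XP clients, something else for newer Windows) can be handled in one script. This is an added example, not code from any poster: it assumes the root\SecurityCenter2 namespace that Vista SP1 and later expose, decodes productState with a community-observed bit layout that Microsoft does not document, and uses hypothetical function names.

```powershell
# Added example (not from the thread). Uses Get-WmiObject so it also runs on
# Windows PowerShell 2.0; function names are hypothetical.

# ASSUMPTION: productState layout is community-observed, not documented by
# Microsoft: bit 0x1000 = real-time scanning on, bit 0x10 = definitions stale.
function ConvertFrom-ProductState {
    param([uint32]$State)
    New-Object PSObject -Property @{
        Enabled  = [bool]($State -band 0x1000)
        UpToDate = -not [bool]($State -band 0x10)
    }
}

function Get-AntivirusStatus {
    param([string]$ComputerName = '.')
    # Newer namespace first (Vista SP1+), then the legacy one used on XP.
    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        try {
            $rows = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct `
                      -ComputerName $ComputerName -ErrorAction Stop)
        } catch {
            continue   # namespace not present on this OS
        }
        foreach ($r in $rows) {
            if ($ns -eq 'root\SecurityCenter2') {
                $s = ConvertFrom-ProductState $r.productState
                $enabled = $s.Enabled; $current = $s.UpToDate
            } else {
                # Legacy class reports both facts as plain booleans.
                $enabled = [bool]$r.onAccessScanningEnabled
                $current = [bool]$r.productUptoDate
            }
            New-Object PSObject -Property @{
                Name = $r.displayName; Namespace = $ns
                Enabled = $enabled; UpToDate = $current
            }
        }
        if ($rows.Count -gt 0) { return }   # do not report a product twice
    }
}

# One row per registered antivirus product on the local machine.
Get-AntivirusStatus | Format-Table Name, Namespace, Enabled, UpToDate -AutoSize
```

An empty result means no product is registered or neither namespace exists on that OS, so a monitoring item should treat it as "no protection reported" rather than as a script error.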
#6  Norph, 21st January 2010, 23:58
Re: M$ security center

Ic. If you get some code done, please post, as I'm actually interested ;)
Sorry I couldn't help more than my sneaky MSDN searches.
All times are GMT +2.