List of antiVirus

Answers

  • Hi,

     

    As I understand it, you can refer to the following sample code to get a list of the installed software in Windows and then pick out the installed antivirus software from it. Here is the sample code, from this newsgroup thread - http://www.thescripts.com/forum/thread276143.html - for your reference:

    Code Block

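            public void getInstalledSWList()
            {
                Microsoft.Win32.RegistryKey regKey = Microsoft.Win32.Registry.LocalMachine;
                // OpenSubKey returns null when the key is missing, so check before use.
                Microsoft.Win32.RegistryKey subKey1 = regKey.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall");
                if (subKey1 == null) return;
                string[] subKeyNames = subKey1.GetSubKeyNames();

                foreach (string subKeyName in subKeyNames)
                {
                    Microsoft.Win32.RegistryKey subKey2 = subKey1.OpenSubKey(subKeyName);
                    if (subKey2 == null) continue; // subkey removed since enumeration

                    // Read the value names once and reuse them for both checks.
                    string[] valueNames = subKey2.GetValueNames();
                    if (ValueNameExists(valueNames, "DisplayName") && ValueNameExists(valueNames, "DisplayVersion"))
                    {
                        // Get the installed software list in Windows through subKey2.GetValue("DisplayName").ToString()
                        System.Console.WriteLine(subKey2.GetValue("DisplayName").ToString());
                    }
                    subKey2.Close();
                }
                subKey1.Close();
            }

            // Case-insensitive search for a value name in a registry key's value list.
            private bool ValueNameExists(string[] valueNames, string valueName)
            {
                foreach (string s in valueNames)
                {
                    // Ordinal comparison avoids culture-dependent lowercasing.
                    if (string.Equals(s, valueName, System.StringComparison.OrdinalIgnoreCase)) return true;
                }

                return false;
            }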

     

     

    Hope this helps,

    Regards,

    Friday, December 28, 2007 3:37 AM
    Moderator
  • Hi Subash,

     

    Regarding your question about how the Windows Security Center recognizes the various antivirus software installed on your PC, please refer to the following explanation:

    Windows Security Center uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through Windows Management Instrumentation (WMI). In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software. In WMI mode, software manufacturers determine their own product status and report that status back to Windows Security Center through a WMI provider. In both modes, Windows Security Center tries to determine whether the following is true:

    An antivirus program is present.
    The antivirus signatures are up-to-date.
    Real-time scanning or on-access scanning is turned on for antivirus programs.
    For firewalls, Windows Security Center detects whether a third-party firewall is installed and whether the firewall is turned on or not.

     

    As far as I know, there is no general solution for this. Typically, the developers know the names of the antivirus products. So most of the solutions are based on:
    1) Identifying the AV by product name (you can get the list of installed software via Win32_Product or, as was suggested, by the installer API). Check out this document about the Win32_Product class for details - http://msdn2.microsoft.com/en-us/library/aa394378(VS.85).aspx
    2) Identifying the AV by service names

     

    Hope this helps,

    Regards,

    Wednesday, January 02, 2008 8:08 AM
    Moderator
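
The WMI mode described in this answer can be read back from C#. The following is an added example, not code from the thread or from Microsoft; it assumes the Security Center WMI namespaces `root\SecurityCenter2` (Vista and later) and `root\SecurityCenter` (Windows XP) with their `AntiVirusProduct` class, and the `productState` decoding is a community-observed convention, not documented behaviour.

```csharp
using System;
using System.Management; // add a reference to System.Management

static class SecurityCenterAntivirus
{
    static void Main()
    {
        // Vista and later expose root\SecurityCenter2; Windows XP used
        // root\SecurityCenter with a different property set.
        foreach (string ns in new[] { "SecurityCenter2", "SecurityCenter" })
        {
            try
            {
                var scope = new ManagementScope(@"\\.\root\" + ns);
                scope.Connect();
                using (var searcher = new ManagementObjectSearcher(
                           scope, new ObjectQuery("SELECT * FROM AntiVirusProduct")))
                using (ManagementObjectCollection products = searcher.Get())
                {
                    foreach (ManagementObject av in products)
                        Console.WriteLine(Describe(av, ns));
                }
                return; // the first namespace that answers is the one in use
            }
            catch (ManagementException)
            {
                // Namespace or class not present on this OS: try the next one.
            }
        }
        Console.WriteLine("No Security Center WMI namespace found.");
    }

    static string Describe(ManagementBaseObject av, string ns)
    {
        bool realTimeOn, upToDate;
        if (ns == "SecurityCenter2")
        {
            // Assumption: productState is undocumented; this follows the widely
            // observed layout (bits 12-15 == 1 when on, bit 4 set when stale).
            uint state = Convert.ToUInt32(av["productState"]);
            realTimeOn = (state & 0xF000) == 0x1000;
            upToDate = (state & 0x00F0) == 0;
        }
        else
        {
            realTimeOn = Convert.ToBoolean(av["onAccessScanningEnabled"]);
            upToDate = Convert.ToBoolean(av["productUptoDate"]);
        }
        return string.Format("{0}: real-time={1}, signatures-current={2}",
                             av["displayName"], realTimeOn, upToDate);
    }
}
```

Only products that register with Security Center appear in the result, so an empty list does not prove that no antivirus is installed.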

All replies

  • Hi Ji Cheng Wang,

    To be more specific in this regard, I want to know how Windows Security Center recognizes the various antivirus software installed on a PC without using the product name. It would be of great help if you could provide C# code in this regard.

     

    thanks

    S Bose

     

     

    Wednesday, January 02, 2008 7:41 AM
  • Hi Ji Cheng Wang,

    You are right, I got the solution with both approaches, manual and using WMI. But I was stuck with the manual approach: whether Microsoft is using a comparison technique to identify the installed AV or following some other technique. I have to try with some AV which is new in the market, then the secret comes out.

     

    And in the second approach (WMI) I can get information about an AV which is installed following the WMI guidelines.

     

    Help me with some new knowledge or approach you have.

     

    Thanks

    Subash

    Tuesday, January 08, 2008 11:03 AM