Antivirus Detection on Vista SP1 and Windows 7

  • Question

  • Hello,
    On Vista SP1, Microsoft has replaced the old antivirus detection method with WMI (http://windowsteamblog.com/blogs/windowssecurity/archive/2009/05/06/upcoming-action-center-changes-for-security-vendor-software.aspx).
    I've searched MSDN for the new detection method but I haven't found it. Do you have any documentation about the Action Center API?

    Thanks,
    Charon
    Ma-Config.com
    Thursday, January 21, 2010 3:05 PM

Answers

  • Hello Charon

    According to the issue description, you are requesting the details about
    how to get an AV product to report its status to Windows Security Center. As
    far as I know, Microsoft distributes guidance about how applications from
    ISVs can report status to Windows Security Center under a nondisclosure
    agreement (NDA). To request details about how to participate in this ISV
    program, you would need to send an email to wscisv@microsoft.com. The
    guidance will be available for the Microsoft Windows XP SP2 or Microsoft
    Windows Vista operating system. Please also try this mail address to
    request the info about the change in Win7.

    ===============
    Relevant KB article:
    ===============
    Frequently asked questions about Windows Security Center
    http://support.microsoft.com/kb/883792

    <quote>
    Q: How does Windows Security Center detect third-party products and their
    status?
    A: In Windows XP SP2 and in later versions, Windows Security Center uses a
    two-tiered approach for detection status. One tier is manual, and the other
    tier is automatic through Windows Management Instrumentation (WMI). In
    manual detection mode, Windows Security Center searches for registry keys
    and files that are provided to Microsoft by independent software
    manufacturers. These registry keys and files let Windows Security Center
    detect the status of independent software. In WMI mode, software
    manufacturers determine their own product status and report that status
    back to Windows Security Center through a WMI provider. In both modes,
    Windows Security Center tries to determine whether the following is true:
    An antivirus program is present.
    The antivirus signatures are up to date.
    Real-time scanning or on-access scanning is turned on for antivirus
    programs.
    For firewalls, Windows Security Center detects whether a third-party
    firewall is installed and whether the firewall is turned on or not.
    In Windows Vista, Windows Security Center no longer uses the manual
    detection mode. All third-party products report their states into WMI. In
    addition, in Windows Vista Windows Security Center also determines whether
    the following is true:
    An antispyware program is present.
    The antispyware signatures are up to date.
    </quote>

    Regards,
    Jialiang Ge
    MSDN Subscriber Support in Forum
    Friday, January 22, 2010 1:37 AM
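
The KB text quoted in the answer says third-party products report their state into WMI. As an added example (not part of the original thread and not Microsoft's own code), the PowerShell below reads that reported state for an endpoint inventory check. It assumes the `root/SecurityCenter2` namespace and `AntiVirusProduct` class present on Vista SP1 and later client editions, and a `productState` bit layout that is community-observed rather than published by Microsoft; `ConvertTo-AvStatus` and the sample records are hypothetical names and constructed data.

```powershell
# Added example: list the antivirus state that products report into WMI.
# Assumption: root/SecurityCenter2 + AntiVirusProduct (client editions only;
# Windows Server does not expose this namespace).
# Assumption: the productState bit layout used here is community-observed,
# not a published contract. Treat the decoded flags as a hint.

function ConvertTo-AvStatus {
    param([Parameter(ValueFromPipeline = $true)] $Product)
    process {
        $state = [uint32]$Product.productState
        [pscustomobject]@{
            Name        = $Product.displayName
            StateHex    = '0x{0:X6}' -f $state
            RealTimeOn  = ($state -band 0x1000) -ne 0   # middle byte, bit 0x10 set = scanning on
            SigsCurrent = ($state -band 0x10) -eq 0     # low byte, bit 0x10 set = signatures stale
        }
    }
}

# Constructed sample records, used only when the live query is unavailable.
$sample = @(
    [pscustomobject]@{ displayName = 'Sample AV A (constructed)'; productState = 397568 }  # 0x061100
    [pscustomobject]@{ displayName = 'Sample AV B (constructed)'; productState = 397584 }  # 0x061110
    [pscustomobject]@{ displayName = 'Sample AV C (constructed)'; productState = 393472 }  # 0x060100
)

try {
    # On PowerShell 2.0 (the Windows 7 default) use Get-WmiObject -Namespace ... -Class ...
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop
} catch {
    Write-Warning "SecurityCenter2 query failed ($($_.Exception.Message)); using constructed samples."
    $products = $sample
}

if (-not $products) {
    Write-Warning 'No antivirus product has registered with Security Center on this host.'
}

$report = @($products | ConvertTo-AvStatus)
$report | Format-Table -AutoSize

# Flag hosts where a registered product reports scanning off or stale signatures.
$report | Where-Object { -not $_.RealTimeOn -or -not $_.SigsCurrent } |
    ForEach-Object { Write-Warning "$($_.Name): state $($_.StateHex) needs attention" }
```

Because each product sets its own state in WMI, this output shows what the vendor reported, not an independent verification that scanning is active.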

All replies

  • Thank you for your fast answer :). I send the mail.
    Saturday, January 23, 2010 9:12 AM
  • I got a reply that wscisv@microsoft.com has a wrong recipient. What is the correct email now? Thanks.

    Andrei.

    Friday, December 9, 2016 4:00 PM