none
Get antivirus information using C++ or C# RRS feed

  • Question

  • Reason being not language specific, Since I was asked to use any of these 2 languages.

    I am trying to fetch any antivirus information from user machine. Does anyone know how this can be acheived.

    I am trying to get this information on

    Windows 7, 8 and Windows 2008 operating system.

    I have tried it using WMI query with different namespaces

    \root\SecurityCenter,

    \root\SecurityCenter2,

    \root\Security.

    another way I have tried it using Windows Security Center API  that too wont help me out.

    I am specifically looking for :

    ·AV Version

    ·AV Definition Version

    ·AV Definition Last Updated

    Thursday, October 10, 2013 9:27 AM

Answers

  • Hi Amit,

    Welcome to MSDN forums.

    I would suggest you refer to blog and the thread with similar issue. And I will share some information mentioned in the links.

    Blog:How to get Antivirus information with WMI (VBScript)

    "As we read in Windows Security Center – Managing the State of Security, the vast majority of antivirus Independent Software Vendors (ISVs) support WMI integration. Windows Security Center uses it to detect antivirus and firewall solutions.

    The following script shows how to get some information from those solutions:"

    strComputer = "."
        
    Set oWMI = GetObject( _
      "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter")
      
    Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
    
    For Each objItem in colItems
      With objItem
        WScript.Echo .companyName
        WScript.Echo .displayName
        WScript.Echo .instanceGuid
        WScript.Echo .onAccessScanningEnabled
        WScript.Echo .pathToSignedProductExe
        WScript.Echo .productHasNotifiedUser
        WScript.Echo .productState
        WScript.Echo .productUptoDate
        WScript.Echo .productWantsWscNotifications
        WScript.Echo .versionNumber  
      End With
    Next
    

    Thread URL:http://stackoverflow.com/questions/4750507/check-anti-virus-status-in-c-sharp

    "Sample can be found here using WMI as you mentioned. The poster states this is being done on a Win 7 machine; so the code below should get you started..."

    ConnectionOptions _connectionOptions = new ConnectionOptions(); //Not required while checking it in local machine. //For remote machines you need to provide the credentials //options.Username = ""; //options.Password = ""; _connectionOptions.EnablePrivileges = true; _connectionOptions.Impersonation = ImpersonationLevel.Impersonate; //Connecting to SecurityCenter2 node for querying security details ManagementScope _managementScope = new ManagementScope(string.Format("\\\\{0}\\root\\SecurityCenter2", ipAddress), _connectionOptions); _managementScope.Connect(); //Querying ObjectQuery _objectQuery = new ObjectQuery("SELECT * FROM AntivirusProduct"); ManagementObjectSearcher _managementObjectSearcher = new ManagementObjectSearcher(_managementScope, _objectQuery); ManagementObjectCollection _managementObjectCollection = _managementObjectSearcher.Get(); if (_managementObjectCollection.Count > 0) { foreach (ManagementObject item in _managementObjectCollection) { Console.WriteLine(item["displayName"]); //For Kaspersky AntiVirus, I am getting a null reference here. //Console.WriteLine(item["productUptoDate"]); //If the value of ProductState is 266240 or 262144, its an updated one. Console.WriteLine(item["productState"]); } }


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, October 11, 2013 9:50 AM

All replies

  • Thanks, but that was not really helpful.
    Thursday, October 10, 2013 11:28 AM
  • Hi Amit,

    Welcome to MSDN forums.

    I would suggest you refer to blog and the thread with similar issue. And I will share some information mentioned in the links.

    Blog:How to get Antivirus information with WMI (VBScript)

    "As we read in Windows Security Center – Managing the State of Security, the vast majority of antivirus Independent Software Vendors (ISVs) support WMI integration. Windows Security Center uses it to detect antivirus and firewall solutions.

    The following script shows how to get some information from those solutions:"

    strComputer = "."
        
    Set oWMI = GetObject( _
      "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter")
      
    Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
    
    For Each objItem in colItems
      With objItem
        WScript.Echo .companyName
        WScript.Echo .displayName
        WScript.Echo .instanceGuid
        WScript.Echo .onAccessScanningEnabled
        WScript.Echo .pathToSignedProductExe
        WScript.Echo .productHasNotifiedUser
        WScript.Echo .productState
        WScript.Echo .productUptoDate
        WScript.Echo .productWantsWscNotifications
        WScript.Echo .versionNumber  
      End With
    Next
    

    Thread URL:http://stackoverflow.com/questions/4750507/check-anti-virus-status-in-c-sharp

    "Sample can be found here using WMI as you mentioned. The poster states this is being done on a Win 7 machine; so the code below should get you started..."

    ConnectionOptions _connectionOptions = new ConnectionOptions(); //Not required while checking it in local machine. //For remote machines you need to provide the credentials //options.Username = ""; //options.Password = ""; _connectionOptions.EnablePrivileges = true; _connectionOptions.Impersonation = ImpersonationLevel.Impersonate; //Connecting to SecurityCenter2 node for querying security details ManagementScope _managementScope = new ManagementScope(string.Format("\\\\{0}\\root\\SecurityCenter2", ipAddress), _connectionOptions); _managementScope.Connect(); //Querying ObjectQuery _objectQuery = new ObjectQuery("SELECT * FROM AntivirusProduct"); ManagementObjectSearcher _managementObjectSearcher = new ManagementObjectSearcher(_managementScope, _objectQuery); ManagementObjectCollection _managementObjectCollection = _managementObjectSearcher.Get(); if (_managementObjectCollection.Count > 0) { foreach (ManagementObject item in _managementObjectCollection) { Console.WriteLine(item["displayName"]); //For Kaspersky AntiVirus, I am getting a null reference here. //Console.WriteLine(item["productUptoDate"]); //If the value of ProductState is 266240 or 262144, its an updated one. Console.WriteLine(item["productState"]); } }


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, October 11, 2013 9:50 AM
  • Hi. This script is only working on client OSes. Server os(2008,2012,etc) has no real usage for this script. Is there any workaround of this for server os?
    Monday, October 31, 2016 11:56 AM