
Detect resident antivirus, antispyware, firewall.



Hello.

Is it possible to convert this vbs script to AutoIt?

VBS:

Const ForWriting = 2 ' OpenTextFile iomode 2 is ForWriting (ForAppending is 8)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.OpenTextFile("Report.txt", ForWriting, True)
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
' Hex() is not zero-padded, so the positions tested below assume a 5-digit value
For Each obj in oWMI.ExecQuery("Select * from AntiVirusProduct")
     If InStr(2, Hex(obj.productState), "1", 0) = 2 Then enabled = " [Enabled" Else enabled = " [Disabled"
     If InStr(4, Hex(obj.productState), "0", 0) = 4 Then updated = "|Updated] " Else updated = "|Outdated] "
     objLogFile.Write("AntiVirus: " _
         & obj.displayName _
         & Enabled _
         & Updated _
         & vbCrLf )
Next
For Each obj in oWMI.ExecQuery("Select * from AntiSpywareProduct")
     If InStr(2, Hex(obj.productState), "1", 1) = 2 Then enabled = " [Enabled" Else enabled = " [Disabled"
     If InStr(4, Hex(obj.productState), "0", 1) = 4 Then updated = "|Updated] " Else updated = "|Outdated] "
     objLogFile.Write("AntiSpyware: " _
         & obj.displayName _
         & Enabled _
         & Updated _
         & vbCrLf )
Next
For Each obj in oWMI.ExecQuery("Select * from FirewallProduct")
     If InStr(2, Hex(obj.productState), "1", 1) = 2 Then enabled = " [Enabled] " Else enabled = " [Disabled] "
     objLogFile.Write("Firewall: " _
         & obj.displayName _
         & Enabled _
         & vbCrLf )
Next
objLogFile.Close

I currently use this, but it only shows the antivirus, and if you have two antivirus products installed it shows only one in the MsgBox:

_AV()
Func _AV()
    Local $avname
    If @OSVersion = "WIN_XP" Then
        $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter")
    Else
        $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter2")
    EndIf
    $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    For $objAntiVirusProduct In $colItems
        ; Overwritten on every pass, so only the last product's name survives
        $avname = $objAntiVirusProduct.displayName
    Next
    If $avname = False Then
        MsgBox(0, "AV", "You must install an antivirus")
    Else
        MsgBox(0, "AV", $avname)
    EndIf
EndFunc

Thanks.

Thinking("Autoit")

In researching this, I have come to the conclusion that the .productstate values aren't documented, so checking for specific values in specific areas won't yield much information. There's a lot of guesswork involved in every link I've read as to what each value means, but they tend to differ depending on which site you go to.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator


Hello.

Well, here I leave some code to detect the antivirus and whether it is enabled and updated.

Thanks.

_AV()
Func _AV()
    If @OSVersion = "WIN_XP" Then
        $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter")
    Else
        $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter2")
    EndIf

    $avname = ""
    $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    For $objAntiVirusProduct In $colItems
        ; productState is read here as a decimal string, character by character
        If StringMid($objAntiVirusProduct.productState, 4, 1) = 2 Then
            $enable = " [Enable"
        Else
            $enable = " [Disable"
        EndIf
        ; Checked for every product, so $update is always set before it is used
        If StringMid($objAntiVirusProduct.productState, 5, 1) = 4 Then
            $update = "|Updated]"
        Else
            $update = "|Outdated]"
        EndIf

        $avname = $avname & $objAntiVirusProduct.displayName & $enable & $update & @CRLF
    Next
    If $avname = False Then
        MsgBox(0, "AV", "should install an antivirus")
    Else
        MsgBox(0, "AV", $avname)
    EndIf
EndFunc

Can be improved.

Regards.


Same here, JohnOne: it says everything is disabled or outdated, because the values returned by .productstate don't correspond to what the script is expecting to see, even though everything is up to date.

As stated, no one but Microsoft knows for sure what's returned by ".productstate", so unless you know exactly what your version of software returns, it's not going to help much.

Unfortunately neither of those links point to anything related to this script, plus those links only apply to Windows 8 and not Windows 7 or below.

  • 1 month later...

This is what I'm using; it works with XP, 7 and 8. Hope it will help someone. Tested with MSE, Avira, Avast.

Global $state
If @OSVersion = "WIN_XP" Then
    $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter")
    $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    For $objAntiVirusProduct In $colItems
        $state = $objAntiVirusProduct.onAccessScanningEnabled
    Next
    If $state = True Then
        MsgBox(0, "Info", "AV Enabled")
    Else
        MsgBox(0, "Info", "AV Disabled")
    EndIf
Else
    $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter2")
    $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    For $objAntiVirusProduct In $colItems
        ; Only the last product's state is kept when several are registered
        $state = $objAntiVirusProduct.productstate
    Next
    ; Hex() pads a 32-bit integer to 8 digits, so characters 5-6 are the second-lowest byte
    Dim $AvStatus = Hex($state)
    If StringMid($AvStatus, 5, 2) = "10" Or StringMid($AvStatus, 5, 2) = "11" Then
        MsgBox(0, "Info", "AV Enabled")
    ElseIf StringMid($AvStatus, 5, 2) = "00" Or StringMid($AvStatus, 5, 2) = "01" Then
        MsgBox(0, "Info", "AV Disabled")
    EndIf
EndIf
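The checks discussed in this thread, combined into one AutoIt routine that lists every product in all three SecurityCenter2 classes instead of only the last antivirus. This is an added example, not code from any poster: the function names `_DecodeProductState` and `_ListSecurityProducts` are made up here, and the byte layout it assumes is the one the scripts above test, which Microsoft does not document. It covers SecurityCenter2 only, not the XP namespace.

```autoit
; Added example. Assumption: productState read as hex bytes (type, state, signatures),
; the layout the scripts in this thread test; it is not documented by Microsoft.
Func _DecodeProductState($iState, $bHasSignatures = True)
    ; Pad to 6 hex digits so the positions do not shift with the size of the value
    Local $sHex = Hex(Int($iState), 6)
    Local $sResult
    Switch StringMid($sHex, 3, 2) ; middle byte: product state
        Case "10", "11"
            $sResult = "[Enabled"
        Case "00", "01"
            $sResult = "[Disabled"
        Case Else
            ; Do not guess: show the raw byte for values the thread never covered
            $sResult = "[Unknown state 0x" & StringMid($sHex, 3, 2)
    EndSwitch
    If $bHasSignatures Then
        If StringMid($sHex, 5, 1) = "0" Then
            $sResult &= "|Updated"
        Else
            $sResult &= "|Outdated"
        EndIf
    EndIf
    Return $sResult & "]"
EndFunc

Func _ListSecurityProducts()
    Local $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, "")
    Local $aClasses[3] = ["AntiVirusProduct", "AntiSpywareProduct", "FirewallProduct"]
    Local $sReport = "", $colItems
    For $sClass In $aClasses
        $colItems = $oWMI.ExecQuery("Select * from " & $sClass)
        If Not IsObj($colItems) Then ContinueLoop
        For $oProduct In $colItems
            ; Append every product instead of keeping only the last one
            $sReport &= $sClass & ": " & $oProduct.displayName & " " & _
                    _DecodeProductState($oProduct.productState, $sClass <> "FirewallProduct") & @CRLF
        Next
    Next
    Return $sReport
EndFunc

; Constructed sample values, decoded without touching WMI
ConsoleWrite(_DecodeProductState(0x061100) & @CRLF)
ConsoleWrite(_DecodeProductState(0x060110) & @CRLF)
; Live query of the local machine
Local $sReport = _ListSecurityProducts()
If $sReport = "" Then $sReport = "No product registered with Security Center"
MsgBox(0, "Security products", $sReport)
```

A state byte outside the four values used in the thread is reported raw rather than mapped to Enabled or Disabled, so a report never claims more than the value supports.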
