Jump to content
Sign in to follow this  
RedneckTech

Microsoft Security Essentials

Recommended Posts

Yea, i know, dont trust M$, but its not for me. its for general purpose. All of the logs for this application are in the event viewer. Im sorry if ive just missed this, but I need to find a way to poll the event viewer log for any events from MSE and then record that to a file somehow. I've been looking and cant find anything that seems helpful. I may just be seeing what i need and not noticing it. Any help would be greatly appreciated

Share this post


Link to post
Share on other sites

Hi RedneckTech,

I've never used it but I think a good start would be to use the "_EventLog__Read" function.

:)


Regards,Hannes[spoiler]If you can't convince them, confuse them![/spoiler]

Share this post


Link to post
Share on other sites

Hi, RedneckTeck. Have you looked at the example in the Help file for _EventLog_Read? Just using the provided example, you could output to a MsgBox or some other notification if the Source matches MSE.

Edit: Too slow :)

Edited by JLogan3o13

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites

Right, i looked at that, but thats just opening a gui for the last event in the log. Im looking to poll it. so do i just want do an:

If $aEvent[10] = "Security Essentials" Then

FileWriteLine( $File, $aEvent[13] )

EndIf

inside of a loop that continues until "$aEvent[4] & $aEvent[5]" is older than 23 hours (running a scan every day, so allowing ~hour to scan)? Just seems like im missing something

Share this post


Link to post
Share on other sites

ok. so after a day and a half of trial and error i can get a working example, but only reads the first/last (most recent) event in the "System" log. I was wondering if you guys had a good way to set this to scroll through and read the logs, or if there was a faster way (2d array?) to ready through every event that's less than 24 hours old.

I know that it's got a lot of steps that can be combined into a single step, but while im creating it im leaving it step by step, but heres what I've got so far.

#include <EventLog.au3>
#include <date.au3>

While $timediff < 24
   $hEventLog = _EventLog__Open("", "System")
   $aEvent = _EventLog__Read($hEventLog, True, False)
   $timearray = StringSplit( $aEvent[3], ":")
   If StringInStr ( $aEvent[3], "PM" ) Then
      $24hour = $timearray[1] + 12
      $hours = @HOUR + 24
      $timediff = $hours - $24hour
      If $timediff < 24 Then
         _Analyze()
      EndIf
   EndIf
WEnd

Func Analyze()
   If $aEvent [10] = "Windows AntiMalware" Then
      If $aEvent[8] <> "information" Then
         FileOpen (@WorkingDir & "WinAMLog.txt", 1)
         FileWriteLine ( @WorkingDir & "WinAMLog.txt", $aEvent[2] & " " & $aEvent[3] & " - " & $aEvent[13] )
      EndIf
   EndIf
EndFunc

Im thinking something along the lines of this for the scrolling, but not sure how to position it

$n = 1
While $timediff < 24
   $hEventLog = EventLog_Open("", "System")
   $aEvent = _EventLog_Read ($hEventLog, True, False, $n)
   If $timediff < 24 Then
      $n = $n + 1
   EndIf
WEnd

thats not how the final script would look, just how im trying to position it. problem is that when i do it, it doesnt work. any advice?

Share this post


Link to post
Share on other sites

been working and turns out i was looking at the script with dry eyes. came back to it yesterday after ignoring it monday and did some major editing. Here's what I have, but i still cant get it to work.

#include <EventLog.au3>
#include <date.au3>

$n = 0
$hEventLog = _EventLog__Open("", "System")
$timediff = 0
While $timediff < 24
   $aEvent = _EventLog__Read($hEventLog, False, False, $n)
   $timearray = StringSplit( $aEvent[5], ":")
   $datearray = StringSplit( $aEvent[4], "/")
   $24hour = $timearray[1]
   If StringInStr ( $aEvent[5], "PM" ) Then
      $24hour = $timearray[1] + 12
   EndIf
   If $datearray[2] <> @MDAY Then
      $24hour = $24hour + 24
   EndIf
   $hours = @HOUR
   $timediff = $hours - $24hour
   If $timediff < 24 Then
      _Analyze()
      $n = $n + 1
   EndIf
WEnd

Func Analyze()
   If $aEvent [10] = "Windows AntiMalware" Then
      If $aEvent[8] <> "information" Then
         FileOpen (@WorkingDir & "WinAMLog.txt", 1)
         FileWriteLine ( @WorkingDir & "WinAMLog.txt", $aEvent[2] & " " & $aEvent[3] & " - " & $aEvent[13] )
      EndIf
   EndIf
EndFunc

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By argumentum
      This is a UDF to handle the AutoIt Error msgbox when our awesome code goes 
      I've been using trancexx's code for the longest time and since I iron some wrinkles in my ( personal use ) UDF, decided to organize it in a dignifying way and post it.
      The ZIP with the code is in the downloads area.
      I'm posting this because most other handlers use /ErrorStdOut to catch errors and they are not that common, for us great coders 
      So makes little sense to me to run 2 EXEs for something unlikely to happen. No one made a UDF of this, so, I did.
      oh, ..there are things where this will be of no use, say, infinite recursion or what not, so, if the the AutoIt Error msgbox was to popup then this UDF should do it.
      ...let me know if you liked it, or post your views to better it.
      Cheers
      There is also an EventViewer_GetMyEntries() down this post that may come in handy.
×
×
  • Create New...