ant2ne

Looking for ideas on gathering Security Center's status

3 posts in this topic

I'm writing a script that gathers information on a system. I'm looking for some way to tell the status of the security center on a group of servers (2000 to 2008r2). I want to append the output to a simple log file, and then I'm sending that log file to a central location. All of this is done as a service behind the scenes with no GUI or user output.

What I'm stuck on is how to get the status of the security center. For example, when you log into the console the bubble pops up on the bottom right of the task bar saying that your firewall is off, or your anti-virus is out of date etc. I'm looking for ideas on how to get that status into my log file. I've done some googling around and it doesn't appear that anyone has ever desired such a thing.


Hi, ant2ne. If you're looking specifically for firewall, I would check the registry - HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile EnableFirewall will either be 0 or 1.

Regarding AV, it depends on the product you use, but most products add something into the registry for the last time they updated virus definitions. The customer site I am at this morning uses McAfee, for example, and they list their AVDate and Version under HKLM\SOFTWARE\McAfee\AVEngine. You should be able to determine a similar key for Symantec or any other product your company uses.


√-1 2^3 ∑ π, and it was delicious!


This might help with the problem

Don't know who the original author was

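ConsoleWrite(_AV())

; Lists each antivirus product registered with Security Center and its state.
Func _AV()
    Local $oWMI, $colItems, $enable, $update, $avname = ""
    ; XP uses root\SecurityCenter, later versions use root\SecurityCenter2.
    If @OSVersion = "WIN_XP" Then
        $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter")
    Else
        $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter2")
    EndIf
    ; ObjGet does not return an object when the namespace is missing.
    If Not IsObj($oWMI) Then Return "Security Center WMI namespace not found" & @CRLF

    $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    For $objAntiVirusProduct In $colItems
        ; 4th digit of the decimal productState: 2 is treated as enabled.
        If StringMid($objAntiVirusProduct.productState, 4, 1) = 2 Then
            $enable = " [ Enabled "
        Else
            $enable = " [ Disabled "
        EndIf
        ; 5th digit: 4 is treated as up to date. This check is now made for
        ; enabled and disabled products alike; before, it ran only when disabled.
        If StringMid($objAntiVirusProduct.productState, 5, 1) = 4 Then
            $update = "| Updated]"
        Else
            $update = "| Outdated]"
        EndIf
        $avname = $avname & $objAntiVirusProduct.displayName & $enable & $update & @CRLF
    Next
    If $avname = "" Then
        MsgBox(0, "AV", "should install an antivirus")
    Else
        MsgBox(0, "AV", $avname)
    EndIf
    ; Return the text so the ConsoleWrite() call above has something to print.
    Return $avname
EndFunc   ;==>_AV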

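A GUI-free variant of the approach in this thread, as an added example that is not part of any post above: it reads EnableFirewall for the domain and standard profiles, decodes productState by byte instead of by decimal digit, and appends the result to a log file. The function names, the log path, the StandardProfile key and the productState byte layout (not documented by Microsoft) are assumptions.

```autoit
; Added example, not from the thread. Names and the log path are hypothetical.
Global Const $g_sLog = @ScriptDir & "\security_status.log" ; assumed log location

; EnableFirewall is a DWORD: 1 = on, 0 = off. RegRead sets @error if it is absent.
Func _FirewallState($sProfile)
    Local $sKey = "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\" & $sProfile
    Local $iVal = RegRead($sKey, "EnableFirewall")
    If @error Then Return "unknown"
    If $iVal = 1 Then Return "on"
    Return "off"
EndFunc   ;==>_FirewallState

; Assumed layout: productState is three bytes; middle byte 0x10 = protection on,
; low byte 0x00 = definitions current.
Func _DecodeProductState($iState)
    Local $sOn = "Disabled", $sDefs = "Outdated"
    If BitAND(BitShift($iState, 8), 0xFF) = 0x10 Then $sOn = "Enabled"
    If BitAND($iState, 0xFF) = 0 Then $sDefs = "Updated"
    Return $sOn & " | " & $sDefs
EndFunc   ;==>_DecodeProductState

Func _CollectStatus()
    Local $sOut = "", $iCount = 0
    ; StandardProfile is the non-domain counterpart of the key named in the thread.
    Local $aProfiles[2] = ["DomainProfile", "StandardProfile"]
    For $sProfile In $aProfiles
        $sOut &= "Firewall " & $sProfile & ": " & _FirewallState($sProfile) & @CRLF
    Next

    ; Hosts without the namespace are reported in the log instead of failing.
    Local $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter2")
    If @error Or Not IsObj($oWMI) Then
        Return $sOut & "AV: SecurityCenter2 namespace not available" & @CRLF
    EndIf

    Local $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    For $oAV In $colItems
        $iCount += 1
        $sOut &= "AV " & $oAV.displayName & ": " & _DecodeProductState($oAV.productState) & @CRLF
    Next
    If $iCount = 0 Then $sOut &= "AV: no product registered" & @CRLF
    Return $sOut
EndFunc   ;==>_CollectStatus

; FileWriteLine with a file name appends; there is no MsgBox, so this can run as a service.
Local $sStamp = @YEAR & "-" & @MON & "-" & @MDAY & " " & @HOUR & ":" & @MIN & " " & @ComputerName
FileWriteLine($g_sLog, $sStamp & @CRLF & _CollectStatus())
```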
