ant2ne Posted December 17, 2012 Share Posted December 17, 2012 I'm writing a script that gathers information on a system. I'm looking for some way to tell the status of the security center on a group of Servers (2000 to 2008r2), i want to append the output to a simple log file. and then I'm sending that log file to a central location. All of this is done as a service behind the scenes with no gui or user output. What I'm stuck on is how to get the status of the security center. For example, when you log into the console the bubble pops up on the bottom right of the task bar saying that your firewall is off, or your anti-virus is out of date etc. I'm looking for ideas on how to get that status into my log file. I've done some googling around and it doesn't appear that anyone has ever desired such a thing. Link to comment Share on other sites More sharing options...
Moderators JLogan3o13 Posted December 19, 2012 Moderators Share Posted December 19, 2012 Hi, ant2ne. If you're looking specifically for firewall, I would check the registry - HKLMSYSTEMCurrentControlSetservicesSharedAccessParametersFirewallPolicyDomainProfile EnableFirewall will either be 0 or 1.Regarding AV, it depends on the product you use, but most products add something into the registry for the last time they updated virus definitions. The customer site I am at this morning uses McAfee, for example, and they list their AVDate and Version under HKLMSOFTWAREMcAfeeAVEngine. You should be able to determine a similar key for Symantec or any other product your company uses. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum! Link to comment Share on other sites More sharing options...
Chimaera Posted December 19, 2012 Share Posted December 19, 2012 This might help with the problem Dont know who the origanal author was ConsoleWrite(_AV()) Func _AV() Local $update If @OSVersion = "WIN_XP" Then $oWMI = ObjGet("winmgmts:localhostrootSecurityCenter") Else $oWMI = ObjGet("winmgmts:localhostrootSecurityCenter2") EndIf $avname = "" $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct") For $objAntiVirusProduct In $colItems If StringMid($objAntiVirusProduct.productState, 4, 1) = 2 Then $enable = " [ Enabled " Else $enable = " [ Disabled " If StringMid($objAntiVirusProduct.productState, 5, 1) = 4 Then $update = "| Updated]" Else $update = "| Outdated]" EndIf EndIf $avname = $avname & $objAntiVirusProduct.displayName & $enable & $update & @CRLF Next If $avname = False Then MsgBox(0, "AV", "should install an antivirus") Else MsgBox(0, "AV", $avname) EndIf EndFunc ;==>_AV If Ive just helped you ... miracles do happen. Chimaera CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices() Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now