Sign in to follow this  
Followers 0
BinaryBrother

Detect Antivirus

23 posts in this topic

#1 ·  Posted (edited)

I couldn't find a satisfactory example on the forums, mainly because the interface that I'm using is undocumented and MS wants to keep it that way.

This is the first revision of this example. I just wanted to post it while I had time to give other users a better starting point.

Only works on Vista+, only gets first instance of AV found. If nobody cleans this up, I'll come back in a few days and post the finished product.

Windows XP has an interface [/root/SecurityCenter], but I don't need it.

This returns an $Array[4] with the below information.

Console:

Current AV: Microsoft Security Essentials
State: Enabled
pathToSignedProductExe:   C:\Program Files\Microsoft Security Client\msseces.exe
pathToSignedReportingExe: C:\Program Files\Microsoft Security Client\MsMpEng.exe
Func _GetAVInfo()
    Dim $lArray[4]
    $oWMI = ObjGet("winmgmts:\\localhost\root\SecurityCenter2")
    $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    For $objAntiVirusProduct In $colItems
        $lArray[0] = $objAntiVirusProduct.displayName
        $lArray[1] = $objAntiVirusProduct.productstate
        $lArray[2] = $objAntiVirusProduct.pathToSignedProductExe
        $lArray[3] = $objAntiVirusProduct.pathToSignedReportingExe
    Next
    Dim $AvStatus = Hex($lArray[1])
    If StringMid($AvStatus, 5, 2) = "10" Or StringMid($AvStatus, 5, 2) = "11" Then
        $lArray[1] = "Enabled"
    ElseIf StringMid($AvStatus, 5, 2) = "00" Or StringMid($AvStatus, 5, 2) = "01" Then
        $lArray[1] = "Disabled"
    EndIf
    Return $lArray
EndFunc   ;==>_GetAVInfo

Resources:

http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/bd97d9e6-75c1-4f58-9573-9009df5de19b/security-center-api
http://social.msdn.microsoft.com/Forums/en-US/6501b87e-dda4-4838-93c3-244daa355d7c/wmisecuritycenter2-productstate
http://screen317.spywareinfoforum.org/

http://neophob.com/2010/03/wmi-query-windows-securitycenter2

Another method to check for Antivirus/Firewall status
http://chentiangemalc.wordpress.com/2013/04/09/accessing-windows-security-centre-status-from-powershell/
http://msdn.microsoft.com/en-us/library/bb432509(VS.85).aspx

Edited by BinaryBrother
2 people like this

Share this post


Link to post
Share on other sites



Works with Trend Micro Client/Server Security Agent Antivirus

 

[0]|Trend Micro Client/Server Security Agent Antivirus
[1]|270336
[2]|c:Program Files (x86)Trend MicroClient Server Security AgentPccntmon.exe
[3]|C:Program Files (x86)Trend MicroClient Server Security AgentTmListen.exe
 

 

Thanks

this is very useful

1 person likes this

Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04

Share this post


Link to post
Share on other sites

Example please D:

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Here we go... :)

 

#include <Array.au3>


Global Const $___WMI_WBEMFLAGFORWARDONLY = 0x20 ; Causes a forward-only enumerator to be returned. Forward-only enumerators are generally much faster and use less memory than conventional enumerators, but they do not allow calls to 'SWbemObject.Clone_()'.
Global Const $___WMI_WBEMFLAGRETURNIMMEDIATELY = 0x10 ; Causes the call to return immediately.


Local $aWMISecurityCenter2 = _WMI_SecurityCenter2() ; "AntiVirusProduct", local host.
If Not @error Then
    _ArrayDisplay($aWMISecurityCenter2, "_WMI_SecurityCenter2")
Else ; Error.
    MsgBox(0, "", "ERROR!")
EndIf


; [http://social.msdn.microsoft.com/Forums/en-US/6501b87e-dda4-4838-93c3-244daa355d7c/wmisecuritycenter2-productstate/],
; [http://theroadtodelphi.wordpress.com/2011/02/18/getting-the-installed-antivirus-antispyware-and-firewall-software-using-delphi-and-the-wmi/].
Func _WMI_SecurityCenter2(Const $iSelectStatement = 0, Const $sComputerName = ".")
    Local $aReturn[6] = ["", "", "", "", "", "Unknown"]
    Local $oWMIService = ObjGet("winmgmts:\\" & $sComputerName & "\root\SecurityCenter2")
    If Not @error Then
        Local $sSelectStatement = "Select * From "
        Switch Abs(Int($iSelectStatement, Default))
            Case 1
                $aReturn[0] = "AntiSpywareProduct"
            Case 2
                $aReturn[0] = "FirewallProduct"
            Case Else ; Case 0
                $aReturn[0] = "AntiVirusProduct" ; Default.
        EndSwitch
        $sSelectStatement &= $aReturn[0]
        ; --------------------------------------------------------------------------------------------------------
        Local $colItems = $oWMIService.ExecQuery($sSelectStatement, "WQL", $___WMI_WBEMFLAGFORWARDONLY + $___WMI_WBEMFLAGRETURNIMMEDIATELY)
        If IsObj($colItems) Then
            Local $iProductState = 0
            For $colItem In $colItems
                $aReturn[1] = $colItem.displayName
                $aReturn[2] = $colItem.instanceGuid
                $aReturn[3] = $colItem.pathToSignedProductExe
                $aReturn[4] = $colItem.pathToSignedReportingExe
                ; --------------------------------------------------------------------------------------------------------
                $iProductState = Hex($colItem.productState, 8)
                Switch StringMid($iProductState, 5, 2)
                    Case "00", "01"
                        $aReturn[5] = "Disabled"
                    Case "10", "11"
                        $aReturn[5] = "Enabled"
                EndSwitch
                If $aReturn[0] <> "FirewallProduct" Then
                    Switch StringMid($iProductState, 7, 2)
                        Case "00"
                            $aReturn[5] &= " (Up-To-Date)"
                        Case "10"
                            $aReturn[5] &= " (Out-Of-Date)"
                    EndSwitch
                EndIf
            Next
        Else ; Error.
            SetError(2, 0)
        EndIf
    Else ; Error.
        SetError(1, 0)
    EndIf
    Return $aReturn
EndFunc   ;==>_WMI_SecurityCenter2

Furthermore, I've added some error checking...

Edited by supersonic

Share this post


Link to post
Share on other sites

Dosn't work. I have installed AVAST - Antivirus.

:

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Good lookin' out, supersonic.

@mlipok, $Array[1] is erroneous in your results. It returned the "productState" code rather than "Enabled" or "Disabled". Which indicates that I'm missing something about that productState code. Which doesn't surprise me, we're not really suppose to be using it. ;P

Reading more into your output, mlipok, I've found some more information. :)

https://code.google.com/p/driverpacksolution/source/browse/trunk/tools/modules/diagnostics/avScanner.js?r=337

/*
 
See this tweak:
 
 
Avira - Av enabled and updated:
266240 -> 41000
 
Avira - Av disabled and updated:
270336 -> 42000
 
Avira - Av enabled and not updated:
266256 -> 41010
 
Avira - Av disabled and not updated:
270352 -> 42010
 
Microsoft Essentional - enabled and updated:
397312 -> 61000
 
Microsoft Essentional - disabled and updated:
393216 -> 60000
*/
 
function avScanner(){
        var mrtInSystem = env_windir+'System32MRT.exe';
        var mrtInDRP = softFolder+'MRT.exe';
        
        try {
                if (fso.FileExists(mrtInSystem)) {
                        var mrtInSystemDate = fso.GetFile(mrtInSystem).DateLastModified;
                        var mrtInDRPDate = fso.GetFile(mrtInDRP).DateLastModified;
                        if (mrtInSystemDate>mrtInDRPDate) {
                                //Run av-scanner from Windows
                                WshShell.Run(mrtInSystem,1,false);
                        }
                        else {
                                //Run av-scanner from DRP
                                WshShell.Run(mrtInDRP,1,false);
                        }
                }
                else if (is64) {
                        winRun(mrtInSystem,'','',true);
                }
                else {
                        //Run av-scanner from DRP
                        WshShell.Run(mrtInDRP,1,false);
                }
        }
        catch(e) { alert(avScanner_error); }
}
 
 
function avStatus(type){
        
        
        var ret=false;
        if (OSVersion >= 6) {
                var productState = parseInt(antivirus[0].productState).toString(16);
                
                if (type=='upToDate'){
                        var parseState=productState.substring(productState.length-2,productState.length);
                        var ret=(parseState!='00'?false:true);
                }
                
                if (type=='avActive'){
                        var parseState=productState.substring(productState.length-4,productState.length-2);
                        var ret=(parseState!='10'?false:true);
                }
                
                if (type=='avType'){
                        var parseState=productState.substring(productState.length-6,productState.length-4);
                        var ret=parseState;
                }
        }
        else {
                if (type=='upToDate'){
                        var parseState=antivirus[0].productUptodate;
                        var ret=(parseState!=='false'?true:false);
                }
                
                if (type=='avActive'){
                        var parseState=antivirus[0].onAccessScanningEnabled;
                        var ret=(parseState!=='false'?true:false);
                }
                
                if (type=='avType'){
                        return false;
                }
        }
        
        return ret;
}
 
function avStatus_alert(){
        if (antivirus.length==0) { return false; }
        var ant='';
        var ant_before="<div class='alert alert-block alert-diagn' id='antivirus-alert'><button type='button' class='close' data-dismiss='alert'>×</button>";
        var ant_after="</div>";
        var ant_offer_reinstall='<div id="antivirus-alert-btn"><a href="#" class="btn btn-info" onclick="antivirus_inst(); return false;" id="avScanner_installNewAv">'+avScanner_installNewAv+'</a> &nbsp;&nbsp; <a href="#" class="btn btn-warning btn-mini" onclick="return avRemove();" id="avScanner_remove">'+avScanner_remove+'</a></div>';
 
        //Debug
        //if ((avStatus('avActive'))||(avStatus('upToDate'))){
        
        if ((!avStatus('avActive'))&&(!avStatus('upToDate'))){
                ant=ant_before+avScanner_notActiveNotUpToDate+ant_offer_reinstall+ant_after;
                addDiagAlert('antivirus','Antivirus','warning');
        }
        else if (!avStatus('avActive')){
                ant=ant_before+avScanner_notActive+ant_offer_reinstall+ant_after;
                addDiagAlert('antivirus','Antivirus','warning');
        }
        else if (!avStatus('upToDate')){
                ant=ant_before+avScanner_notUpToDate+ant_offer_reinstall+ant_after;
                addDiagAlert('antivirus','Antivirus','warning');
        }
        document.getElementById('avStatus_alert').innerHTML=ant;
}

 

@Marcel789,
What OS are you running?
What is the current state of UAC?
What happens when you "Run as Administrator"?
What exactly happens when you run this?

Edited by BinaryBrother

Share this post


Link to post
Share on other sites

this is new computer, with Demo Antyvirus

The customer will integrate antivirus software.
Everything will be uninstalled and installed the new software.


Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

@mlipok, Found it! Your AV is out of date? ^.^
 

find /i "397312" AVstate.txt>nul && set updatestatus=Antivirus up to date!
find /i "393216" AVstate.txt>nul && set scanstatus=(On Access scanning [b]disabled[/b]!)
find /i "266240" AVstate.txt>nul && set updatestatus=Antivirus up to date!
find /i "270336" AVstate.txt>nul && set updatestatus=[color=red][b]Antivirus out of date![/b][/color]
find /i "266256" AVstate.txt>nul && set updatestatus=[color=red][b]Antivirus out of date![/b][/color]
find /i "262144" AVstate.txt>nul && set updatestatus=Antivirus up to date! 
find /i "262144" AVstate.txt>nul && set scanstatus=(On Access scanning [b]disabled[/b]!)
find /i "262160" AVstate.txt>nul && set updatestatus=[color=red][b]Antivirus out of date![/b][/color]
find /i "262160" AVstate.txt>nul && set scanstatus=(On Access scanning [b]disabled[/b]!)
find /i "266240" AVstate.txt>nul && set updatestatus=Antivirus up to date! 

This came from Secret317's SecurityCheck tool.

Edited by BinaryBrother

Share this post


Link to post
Share on other sites

It found mine. BinaryBrother, I do have a couple of points to add.

  • Create a small example of usage as not everyone will understand what to do.
  • Don't use Dim, use Local instead as $lArray might be defined as Global in someones script. UDFs and examples should never use Dim, well actually Dim should never be used period.
#include <Array.au3>

Example()

Func Example()
    ; Store the array returned by _GetAVInfo() in a variable
    Local $aAntiVirusInfo = _GetAVInfo()

    ; Display the 4 element array.
    _ArrayDisplay($aAntiInfo)
EndFunc   ;==>Example

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Funny

This is new Dell Vostro with Intel i7 buyed one week ago


Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04

Share this post


Link to post
Share on other sites

 

[0]|ESET Smart Security 6.0

[1]|Enabled
[2]|C:Program FilesESETESET Smart Securityecmd.exe
[3]|C:Program FilesESETESET Smart Securityx86ekrn.exe

Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04

Share this post


Link to post
Share on other sites

Funny

This is new Dell Vostro with Intel i7 buyed one week ago

it could have been sitting in the warehouse a lot longer.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

it is quite likely


Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04

Share this post


Link to post
Share on other sites

Dosn't work. I have installed AVAST - Antivirus.

:

 

Maybe You have problem with WMI ?

Try This

#include <Array.au3>


Global Const $___WMI_WBEMFLAGFORWARDONLY = 0x20 ; Causes a forward-only enumerator to be returned. Forward-only enumerators are generally much faster and use less memory than conventional enumerators, but they do not allow calls to 'SWbemObject.Clone_()'.
Global Const $___WMI_WBEMFLAGRETURNIMMEDIATELY = 0x10 ; Causes the call to return immediately.


Local $aAVInfo = _GetAVInfo() ; Local host.
$error = @error
$extended = @extended
If Not $error Then
    _ArrayDisplay($aAVInfo, "$aAVInfo")
Else ; Error.
    MsgBox(0, "ERROR!", $error & @CRLF & $extended)
EndIf


Func _GetAVInfo($sComputerName = ".")
    Local $aReturn[4]
    Local $oWMIService = ObjGet("winmgmts:\\" & $sComputerName & "\root\SecurityCenter2")
    Local $error = @error
    ConsoleWrite('IsObj() = ' & IsObj($oWMIService) & @CRLF)
    If Not $error Then
        Local $colItems = $oWMIService.ExecQuery("Select * From AntiVirusProduct", "WQL", $___WMI_WBEMFLAGFORWARDONLY + $___WMI_WBEMFLAGRETURNIMMEDIATELY)
        If IsObj($colItems) Then
            For $colItem In $colItems
                $aReturn[0] = $colItem.displayName
                $aReturn[1] = $colItem.productState
                $aReturn[2] = $colItem.pathToSignedProductExe
                $aReturn[3] = $colItem.pathToSignedReportingExe
            Next
            Switch StringMid(Hex($aReturn[1]), 5, 2)
                Case "00", "01"
                    $aReturn[1] = "Disabled"
                Case "10", "11"
                    $aReturn[1] = "Enabled"
            EndSwitch
        Else ; Error.
            Return SetError(2, $error)
        EndIf
    Else ; Error.
        Return SetError(1, $error)
    EndIf
    Return $aReturn
EndFunc   ;==>_GetAVInfo

Post Your console message ?

Do You have MsgBox Message ?

1 person likes this

Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04

Share this post


Link to post
Share on other sites

I search google

and I find :) this

'?do=embed' frameborder='0' data-embedContent>>

1 person likes this

Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04

Share this post


Link to post
Share on other sites

Nice! It found Symantec on Win7 (64-bit):

[0]|Symantec Endpoint Protection
[1]|Enabled
[2]|C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\WSCSavNotifier.exe
[3]|C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
1 person likes this

Share this post


Link to post
Share on other sites

It works for me too :)

[0]|Avira Desktop
[1]|Enabled
[2]|C:\Program Files\Avira\AntiVir Desktop\wsctool.exe
[3]|C:\Program Files\Avira\AntiVir Desktop\avwsc.exe

If you change "From AntiVirusProduct" to "From FirewallProduct" it will display the firewall info

[0]|COMODO Firewall
[1]|Enabled
[2]|C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
[3]|C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

 

Share this post


Link to post
Share on other sites

I forgot to mention that the stringmid/stringlen stuff on the product state comes from these forums. I'll post the resource later today...

Share this post


Link to post
Share on other sites

 

It found mine. BinaryBrother, I do have a couple of points to add.

  • Create a small example of usage as not everyone will understand what to do.
  • Don't use Dim, use Local instead as $lArray might be defined as Global in someones script. UDFs and examples should never use Dim, well actually Dim should never be used period.

 

Thanks, guinness. Honestly, I had a brain-fart and couldn't remember if Local would initialize an array, or not. I must have had a small seizure, there.  >_<

Share this post


Link to post
Share on other sites

Worked with 64-bit Kaspersky on a 64-bit Win7.

Interesting to find that the 64-bit Kaspersky stores the files in Program FIles (x86).

[0]|Kaspersky Endpoint Security 8 for Windows

[1]|Enabled

[2]|C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\wmiav.exe

[3]|C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\x64\wmi64.exe

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0