Detect antivirus present


Guest Nuno Rodrigues

Hi there...

Is there any way to know if there is any antivirus installed in the system?? And to know if the automatic updates are enabled or not??

I'm writing a script to install several apps, but first I have to know if there is any other antivirus installed in the system, so as not to have two of them installed in the same system.

Regarding automatic updates, I want to know if they are enabled or not, because if not, I will activate them using the script.

Thanks in advance...


Guest Nuno Rodrigues

*Cough* *Cough*

Trying to install multiple copies of malware?

*cough* *Cough*

No, I'm really writing an automated install system, for several apps, like JRE, Adobe, certain updates, automatic desktop wallpaper, Windows optimisations - cache and themes - that's why I need that script... nothing else...

Anyway, if there is an antivirus installed, I'll not uninstall it...


Well, you can check if the process exists (with the function "ProcessExists")

Here could be an example:

If ProcessExists("SomeAntiVirusProcess.exe") Then
   MsgBox(0, "AntiVirus Detected", "We have detected you are using an anti-virus. Please disable this program for the installation to work")
EndIf

Don't end the processes yourself because many anti-virus programs have ties with System processes, thus shutting down your system.


Guest Nuno Rodrigues

OK, it would work if I knew exactly what antivirus program is installed, to know exactly its process... ;)

Is there any way to grab that data from the registry?? To know what antivirus program is installed, and if the automatic updates are enabled?? ;)

Not sure if this is what you are looking for but this might help with detecting if autoupdates are enabled.

KeyName: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

ValueName: NoAutoUpdate

Here are the possible values:

0 - False (Do not disable AutoUpdate)

1 - True (Disable AutoUpdate)

That information was found here.


Guest Nuno Rodrigues

Thanks SolidSnake...

It wasn't quite what I needed, but I've found it on the link page you provided ;)

Found what I needed in this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

That is, if there is an antivirus present the reg values will "say" that, and also the automatic updates...

Anyway, thanks a lot...


No Problem. Glad you got your script working. ;)


Guest Nuno Rodrigues

I think I spoke too soon... ;)

All that the reg keys tell me is if the alerts are or are not active...

So... I'm back at the place I started...

I still need some way to figure that out, if it has an antivirus and firewall active or not...

Any help?? :">


  • 1 year later...

I'm actually interested in how to detect an Antivirus program with Windows Security Center. Is there some sort of script that can get info from Security Center? Can anyone shed some light on this subject? I have been looking for info all over the net and have not found an answer. :)

I notice that when I look in the registry here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

It lists many folders dealing with AntiVirus and Firewall Programs:

AhnlabAntiVirus

ComputerAssociatesAntiVirus

KasperskyAntiVirus

McAfeeAntiVirus

McAfeeFirewall

PandaAntiVirus

PandaFirewall

SophosAntiVirus

SymantecAntiVirus

SymantecFirewall

TinyFirewall

TrendAntiVirus

TrendFirewall

ZoneLabsFirewall

All of the folders are blank except "SymantecAntiVirus" which has "DisableMonitoring"=dword:00000001

Which seems right. All I have is Symantec Antivirus and Windows Firewall. But what exactly does this mean? It says DisableMonitoring. So does this mean that if the DisableMonitoring is found and set to 1 in one of the directories then an AV is present?


  • 4 months later...

I have tried to find a solution as well. This is what I have found...

$strComputer = "."
$oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\SecurityCenter")
If Not IsObj($oWMI) Then Exit ; the namespace could not be opened
$colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct") ; "from FirewallProduct" works as well

; Show the display name of each product registered with Security Center
For $objAntiVirusProduct In $colItems
    MsgBox(0, "AntiVirusProduct", $objAntiVirusProduct.displayName)
Next

But for example in my Vista SP1 it does not return anything, but if I put "\root\SecurityCenter2" then it finds the product. On XP "\root\SecurityCenter" works.

If somebody has a better way to check the Antivirus product please share your info. Thanks!


  • 2 years later...

I'm almost afraid to bring this old thread back up, but I am wanting to add this ability to my tool as well.

My experience with the above is that I had to use 'SecurityCenter2' to get the AV, but neither 'SecurityCenter' nor 'SecurityCenter2' returned anything for firewall on Win7.

I would like to be able to determine both of these for all Win OS' as I'll use my tool on any machine I start working on.

If anyone has discovered an updated method of detecting the active Antivirus and/or Firewall, please share.

Thanks!
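
The checks discussed in this thread, combined into one script as an added example (not code from any poster): it tries root\SecurityCenter2 first and falls back to root\SecurityCenter, queries both AntiVirusProduct and FirewallProduct, and reads the NoAutoUpdate policy value. The helper names _QueryProducts, _NoAutoUpdatePolicy and _ComErr are hypothetical.

```autoit
; Added example, not from the thread. Helper names are hypothetical.
; Register a COM error handler so a missing namespace or class does not abort the script.
Global $g_oComErr = ObjEvent("AutoIt.Error", "_ComErr")

Func _ComErr($oErr)
    ; Intentionally empty: the failing call sets @error and the script continues.
EndFunc

; Return the displayName of every instance of $sClass ("AntiVirusProduct" or
; "FirewallProduct"), one per line, or "" when nothing is registered.
Func _QueryProducts($sClass, $sComputer = ".")
    ; Namespace order follows the thread: SecurityCenter2 on Vista SP1/Win7, SecurityCenter on XP.
    Local $aNamespaces[2] = ["SecurityCenter2", "SecurityCenter"]
    Local $sFound = "", $oWMI, $colItems
    For $sNs In $aNamespaces
        $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $sComputer & "\root\" & $sNs)
        If Not IsObj($oWMI) Then ContinueLoop ; namespace absent on this OS
        $colItems = $oWMI.ExecQuery("Select * from " & $sClass)
        If Not IsObj($colItems) Then ContinueLoop
        For $oItem In $colItems
            $sFound &= $oItem.displayName & " (root\" & $sNs & ")" & @CRLF
        Next
        If $sFound <> "" Then ExitLoop ; stop at the first namespace that answers
    Next
    Return $sFound
EndFunc

; Policy value named in the thread: 1 = AutoUpdate disabled, 0 = not disabled.
; Returns -1 when the value does not exist (no policy configured).
Func _NoAutoUpdatePolicy()
    Local $vValue = RegRead("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate")
    If @error Then Return -1
    Return $vValue
EndFunc

Local $sAV = _QueryProducts("AntiVirusProduct")
Local $sFW = _QueryProducts("FirewallProduct")
If $sAV = "" Then $sAV = "(none registered)" & @CRLF
If $sFW = "" Then $sFW = "(none registered)" & @CRLF

MsgBox(0, "Security Center", "Antivirus:" & @CRLF & $sAV & @CRLF & _
        "Firewall:" & @CRLF & $sFW & @CRLF & _
        "NoAutoUpdate policy: " & _NoAutoUpdatePolicy())
```

An empty firewall result is not proof that no firewall is active: the last post above reports that neither namespace returned a firewall on Win7.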

