3

i have used WMI to detect that antivirus is present on OS, itz woking fine and display me information of antivirus like name and instance id on win xp and window7 by using Namespace:\root\SecurityCenter and \root\SecurityCenter, \root\Security.

if(isHLOSVersion( ))

 hres = pLoc->ConnectServer( _bstr_t(L"root\\SecurityCenter2"),
 // Object path of SecurityCenter 

 NULL,                    // User name. NULL = current user 

         NULL,                    // User password. NULL = current 

         0,                       // Locale. NULL indicates current 

         NULL,                    // Security flags. 

         0,                       // Authority (e.g. Kerberos) 

         0,                       // Context object  

         &pSvc                    // pointer to IWbemServices proxy 

         ); 
 else
  hres = pLoc->ConnectServer( _bstr_t(L"root\\SecurityCenter"),
 // Object path of SecurityCenter 

   NULL,                    // User name. NULL = current user 

         NULL,                    // User password. NULL = current 

         0,                       // Locale. NULL indicates current 

         NULL,                    // Security flags. 

         0,                       // Authority (e.g. Kerberos) 

         0,                       // Context object  

         &pSvc                    // pointer to IWbemServices proxy 

         );

But in case of windows 2003 server and 2008 server 2003 server R2and 2008 server R2 these above namespace are not present so this is not working there.

Please let me know how can we detect that antivirus present or not windows 2003 server and 2008 server 2003 server R2and 2008 server R2 operating system.

4

1 回答 1

2

该命名空间在 Windows Server 平台上不可用,我认为它可能已被 Workstation 弃用(即消失)。

您可能可以使用 WscGetSecurityProviderHealth() 来获得相同的结果。

请参阅http://msdn.microsoft.com/en-us/library/bb432506.aspx

这是我似乎可行的简单示例:

#define _WIN32_WINNT _WIN32_WINNT_WIN7
#include <Windows.h>
#include <Wscapi.h>
#include <iostream>

#pragma comment(lib, "Wscapi")


int main(int argc, char* argv[])
{
   WSC_SECURITY_PROVIDER_HEALTH health;
   const DWORD dwAntivirus(WSC_SECURITY_PROVIDER_ANTIVIRUS);

   HRESULT hr = WscGetSecurityProviderHealth(dwAntivirus, &health);
   if (FAILED(hr))
   {
      std::cerr << "Error " << std::hex 
                << std::showbase << hr << "\n";
      return -1;
   }
   switch (health)
   {
      case WSC_SECURITY_PROVIDER_HEALTH_GOOD:
         std::cout << "Antivirus health is good\n";
         return 0;
      case WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED:
         std::cout << "Antivirus health is not monitored\n";
         return 1;
      case WSC_SECURITY_PROVIDER_HEALTH_POOR:
         std::cout << "Antivirus health is poor\n";
         return 2;
      case WSC_SECURITY_PROVIDER_HEALTH_SNOOZE:
         std::cout << "Antivirus health is snooze\n";
         return 3;
      default:
         std::cout << "Unexpected antivirus health value: "
                   << std::hex << std::showbase 
                   << health << "\n";
         return 4;
   }
}

2012 年 12 月 9 日更新

Alex 指出(如下),这在 Windows Server 上不起作用,仅在 Windows 的 Workstation 版本上起作用。回想起来,我想到这可能是故意的,事实上,可能是最好的。

应用程序真的需要知道服务器的状态吗?大多数服务器安全程序都有在失败时设置警报的机制。管理员将监控这些警报并修复损坏的内容。应用程序应该简单地表现得好像安全是完全可操作的。

如果您确实必须了解某个特定程序,您可以在进程中查找它的 exe 名称,并查看该进程是否正在运行并正在消耗 cpu(未挂起)。除此之外,您可能需要与安全程序的供应商合作:他们可能有一个 API 来查询该程序。

于 2011-03-02T17:30:34.870 回答