Display a SecurityCenter status overview

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

firebloodphoenix
Posts: 16
Joined: 16 Jul 2010 01:29

Display a SecurityCenter status overview

#1 Post by firebloodphoenix » 02 Jan 2012 15:59

I had to dust off my account here, since it's been a while since my last visit.
I found this http://www.robvanderwoude.com/files/secstat_xp.txt
Is there something like it for Windows 7?

I want to integrate it into my project
http://reboot.pro/files/file/118-infohack/

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Display a SecurityCenter status overview

#2 Post by aGerman » 02 Jan 2012 16:43

First I corrected your link to Rob van der Woudes file.
I won't check your project, because I would have to register first.

However, the script seems to be applicable to Win7. Remove
VER | FIND "XP" >NUL || GOTO Syntax

Regards
aGerman

firebloodphoenix
Posts: 16
Joined: 16 Jul 2010 01:29

Re: Display a SecurityCenter status overview

#3 Post by firebloodphoenix » 02 Jan 2012 17:10

The output is not correct:

Code:

AntiVirus:
==========
Company Name       :
Display Name       :
On Access Scanning : Disabled
Product Up-to-date : No
Version Number     :

Firewall:
=========
Company Name       :
Display Name       :
Enabled            : No
Version Number     :

Windows Update:
===============
Last Reboot        : ~0,1-4-, ::

It does not detect my ESET Antivirus.
I don't care much for the Windows Update information at this time.

Here is another link to my project (uploaded just for you):
http://www.mediafire.com/?nls3v070g5346zp
Please note that most of the components are made by NirSoft and may be picked up as a false-positive virus upon execution.
The password for the components.7z is "PASSWORD" if you want to check the MD5 of the components.
Please read the readme.txt before continuing.
If you have tips for my project, please share.

Squashman
Expert
Posts: 4486
Joined: 23 Dec 2011 13:59

Re: Display a SecurityCenter status overview

#4 Post by Squashman » 02 Jan 2012 17:37

Did you read this on Rob's website?
Use WBEMTEST.EXE to find all properties for a specific AntiVirus or Firewall product.

firebloodphoenix
Posts: 16
Joined: 16 Jul 2010 01:29

Re: Display a SecurityCenter status overview

#5 Post by firebloodphoenix » 02 Jan 2012 17:56

@ Squashman
All I want to know is if there is an antivirus installed.
The name of the AV could be useful.
I just thought that Windows Action Center might know this.
So is there a .vbs or .bat that can do this? Because I can only find a script for XP.

I don't want specific information about a specific AV, rather a notification if an AV exists.
I want to add it into my project to warn users that their AV might stop the NirSoft components from running.

If you download my project you will see that I did something like that with the UAC if the script is run in spy-mode.
I did read Rob's website about the WBEMTEST.EXE but I have no idea how to use it.
I have found http://www.ks-soft.net/hostmon.eng/wmi/index.htm to explore the WMI but cannot find a reference to Action Center.

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Display a SecurityCenter status overview

#6 Post by aGerman » 02 Jan 2012 19:00

It seems the FirewallProduct class is not accessible on Win7, not even if I run the command as admin.
Unable to fix that. Perhaps they disabled it for security reasons.

Regards
aGerman

EDIT: I used a M$ script to figure out what happens. If I select the root\SecurityCenter namespace it tells me that it can't find any dynamic classes. I assume they removed it on Win7.

firebloodphoenix
Posts: 16
Joined: 16 Jul 2010 01:29

Re: Display a SecurityCenter status overview

#7 Post by firebloodphoenix » 03 Jan 2012 16:35

I came up with this:

Code:

WMIC.EXE /Node:"%userdomain%" /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName^ /Format:List


It seems to do the trick.
Replace AntiVirusProduct with FirewallProduct or AntispywareProduct (if installed).

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Display a SecurityCenter status overview

#8 Post by aGerman » 03 Jan 2012 19:17

That's interesting.
You can also retrieve the productState. Unfortunately it's undocumented. See here to get an idea of how it is (probably) structured.
That script divides it into the 3 byte-values:

Code:

@echo off &setlocal
for /f %%i in ('WMIC /NODE:"%userdomain%" /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct GET productState /FORMAT:List^|findstr "="') do set /a "%%i"
set productState
cmd /c exit %productState%
set /a "Byte1=0x%=ExitCode:~2,2% , Byte2=0x%=ExitCode:~4,2% , Byte3=0x%=ExitCode:~-2%"
set Byte
pause

Regards
aGerman

firebloodphoenix
Posts: 16
Joined: 16 Jul 2010 01:29

Re: Display a SecurityCenter status overview

#9 Post by firebloodphoenix » 04 Jan 2012 17:41

@aGerman

I think I found another way:
http://msdn.microsoft.com/en-us/library ... 85%29.aspx
http://msdn.microsoft.com/en-us/library ... 85%29.aspx
But I have no idea how to implement it in batch (or even if it's possible).
Do you know of a way?

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Display a SecurityCenter status overview

#10 Post by aGerman » 04 Jan 2012 18:15

You can't implement that in a batch file. It's a WINAPI. You could write a tool in a programming language that supports API calls.

Heading straight forward with the link I gave to you.
Things of interest:
- 1st Byte
WSC_SECURITY_PROVIDER_ANTIVIRUS = 4

True if the third Bit = 1


- 2nd Byte
SCANNER_RUNNING = 16

True if the fifth Bit = 1


- 3rd Byte
0x10: too old! (or last update check was made ages ago)

Again true if the fifth Bit = 1


Try:

Code:

@echo off &setlocal
for /f "delims=" %%i in ('WMIC /NODE:"%userdomain%" /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct GET displayName^,productState /FORMAT:List^|findstr "="') do set "%%i"
cmd /c exit %productState%
set /a "Byte1=0x%=ExitCode:~2,2% , Byte2=0x%=ExitCode:~4,2% , Byte3=0x%=ExitCode:~-2%"

echo(
echo Name:              %displayName%

set /a "flagAV=(Byte1>>2)%%2"
echo Antivirus:         %flagAV%

set /a "flagScan=(Byte2>>4)%%2"
echo Scanning enabled:  %flagScan%

set /a "flagOutOfDate=(Byte3>>4)%%2"
echo Out Of Date:       %flagOutOfDate%

echo ( 1=true, 0=false )

echo(
pause

Regards
aGerman
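
An added example, not code from any poster in this thread: the batch script in post #10 keeps only the last instance WMIC returns, so this Python example parses captured /FORMAT:List output holding several AntiVirusProduct instances and applies the same three bit tests to each. The sample output, product names and function names are constructed for illustration, and the productState layout is the undocumented, assumed one discussed above.

```python
# Constructed sample of "GET displayName,productState /FORMAT:List" output
# for two registered products; stray carriage returns are included on purpose.
SAMPLE = (
    "\r\r\n"
    "displayName=Example AV One\r\r\n"
    "productState=266240\r\r\n"      # 0x041000
    "\r\r\n\r\r\n"
    "displayName=Example AV Two\r\r\n"
    "productState=262160\r\r\n"      # 0x040010
    "\r\r\n"
)

def parse_wmic_list(text):
    """Split List-format output into one dict per instance (blank line = boundary)."""
    instances, current = [], {}
    for raw in text.replace("\r", "").split("\n"):
        line = raw.strip()
        if not line:
            if current:
                instances.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key] = value
    if current:
        instances.append(current)
    return instances

def decode_product_state(state):
    """Apply the thread's assumed layout: three bytes, one flag bit tested in each."""
    byte1, byte2, byte3 = (state >> 16) & 0xFF, (state >> 8) & 0xFF, state & 0xFF
    return {
        "antivirus": bool(byte1 & 0x04),    # WSC_SECURITY_PROVIDER_ANTIVIRUS = 4
        "scanning": bool(byte2 & 0x10),     # SCANNER_RUNNING = 16
        "out_of_date": bool(byte3 & 0x10),  # 0x10: too old
    }

def summarize(text):
    """Decode every instance that carries a numeric productState."""
    report = []
    for inst in parse_wmic_list(text):
        raw = inst.get("productState", "")
        if raw.isdigit():
            report.append({"name": inst.get("displayName", ""),
                           **decode_product_state(int(raw))})
    return report

def active_scanners(report):
    """Names of products flagged as antivirus with scanning enabled."""
    return [r["name"] for r in report if r["antivirus"] and r["scanning"]]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
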

firebloodphoenix
Posts: 16
Joined: 16 Jul 2010 01:29

Re: Display a SecurityCenter status overview

#11 Post by firebloodphoenix » 04 Jan 2012 20:15

Thanks, I read your link; that is where I got the API idea from:

michu wrote:
Here is the response of MS:
Reading directly from rootsecuritycenter and rootsecuritycenter2 are not documented or supported interfaces. As such, anyone who takes a dependency on them does so at their own risk. We do not share the productState details outside of Windows, even under NDA. Unfortunately, other than the WscGetSecurityProviderHealth interface, we don’t have a public interface to do what you are requesting at this time.


So thanks A LOT for your script.
Here is one I made that shows some BIOS info:

Code:

WMIC.EXE /Node:"%userdomain%" /Namespace:\\root\cimv2 Path Win32_BIOS Get Name^,Version^,Manufacturer^,SMBIOSBIOSVersion^ /Format:List
