Guest Nuno Rodrigues Posted November 22, 2006 Share Posted November 22, 2006 Hi there... Is there any way to know if there is any antivirus installed in the system?? And to know if the automatic updates are enabled or not?? I'm writing a script to install several apps, but first I have t know if there is any other antivirus installed in the system, for not having two of them installed in the same system. Regarding to automatic updates, I wanna know, if it or not enabled, because if not, I will activate it using the script. Thanks in advance... Link to comment Share on other sites More sharing options...
NELyon Posted November 23, 2006 Share Posted November 23, 2006 *Cough* *Cough* Trying to install multiple coppies of malware? *cough* *Cough* Link to comment Share on other sites More sharing options...
Guest Nuno Rodrigues Posted November 23, 2006 Share Posted November 23, 2006 *Cough* *Cough*Trying to install multiple coppies of malware?*cough* *Cough*No, I'm really writing an automated install system, for several apps, like JRE, Adobe, certain updates, automatic desktop walpaper, windows optimisations - cache and themes - that's why I need that script... nothink else...any way, if there is a antivirus installed, I'll not uninstall it... Link to comment Share on other sites More sharing options...
NELyon Posted November 23, 2006 Share Posted November 23, 2006 Well, you can check if the process exists (with the function "ProcessExists") Here could be an example: If ProcessExists("SomeAntiVirusProcess.exe") Then MsgBox(0, "AntiVirus Detected", "We have detected you are using an anti-virus. Please disable this program for the installation to work") EndIf Don't end the processes yourself because many anti-virus programs have ties with System processes, thus shutting down your system. Link to comment Share on other sites More sharing options...
Hasher Posted November 23, 2006 Share Posted November 23, 2006 You could use of the Windows XP Security Centerhttp://tweakhound.com/xp/securitycenter/index.htm Firefox's secret is the same as Jessica Simpson's: its effortless, glamorous style is the result of — shhh — extensions! Link to comment Share on other sites More sharing options...
Guest Nuno Rodrigues Posted November 23, 2006 Share Posted November 23, 2006 Well, you can check if the process exists (with the function "ProcessExists") Here could be an example: If ProcessExists("SomeAntiVirusProcess.exe") Then MsgBox(0, "AntiVirus Detected", "We have detected you are using an anti-virus. Please disable this program for the installation to work") EndIf Don't end the processes yourself because many anti-virus programs have ties with System processes, thus shutting down your system. Ok, It would work if I know exactly what antivirus program is installed, to exactly know it's process... Link to comment Share on other sites More sharing options...
Guest Nuno Rodrigues Posted November 23, 2006 Share Posted November 23, 2006 You could use of the Windows XP Security Centerhttp://tweakhound.com/xp/securitycenter/index.htmIs there any way to grab that data from the registry?? To know what antivirus program is installed, and if the automatic updates are enabled?? Link to comment Share on other sites More sharing options...
FuryCell Posted November 23, 2006 Share Posted November 23, 2006 Is there any way to grab that data from the registry?? To know what antivirus program is installed, and if the automatic updates are enabled?? Not sure if this is what you are looking for but this might help with detecting if autoupdates are enabled.KeyName:HKEY_LOCAL_MACHINE\Software\Policies \Microsoft\Windows\WindowsUpdate\AUValueName:NoAutoUpdatehere are the possible values:0 - False (Do not disable AutoUpdate)1 - True (Disable AutoUpdate)That information was found here. HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code. Link to comment Share on other sites More sharing options...
Guest Nuno Rodrigues Posted November 25, 2006 Share Posted November 25, 2006 (edited) Thanks SolidSnake... It was'nt quite that that I needed, but I've found it on the link page you provided Found what I needed in this registry key: HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Security Center that is, if there is a antivirus present the reg values will "saay" that, and als the automatic updates... Anyway, thanks alot... Edited November 25, 2006 by Nuno Rodrigues Link to comment Share on other sites More sharing options...
FuryCell Posted November 25, 2006 Share Posted November 25, 2006 Thanks SolidSnake...It was'nt quite that that I needed, but I've found it on the link page you provided Found what I needed in this registry key:HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Security Centerthat is, if there is a antivirus present the reg values will "saay" that, and als the automatic updates...Anyway, thanks alot...No Problem. Glad you got your script working. HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code. Link to comment Share on other sites More sharing options...
Guest Nuno Rodrigues Posted November 25, 2006 Share Posted November 25, 2006 I think I talked too much soon... All that the reg keys tell me is if the alerts are or nor active... So... I'm back at the place I started... I still need some way to figure that out, if it has a antivirus and firewall active or not... Any help?? :"> Link to comment Share on other sites More sharing options...
Proph Posted June 9, 2008 Share Posted June 9, 2008 I think I talked too much soon... All that the reg keys tell me is if the alerts are or nor active...So... I'm back at the place I started... I still need some way to figure that out, if it has a antivirus and firewall active or not...Any help?? :">I'm actually interested in how to detect an Antivirus program with Windows Security Center. Is there some sort of script that can get info from Security Center? Can anyone shed some light on this subject? I have been looking for info all over the net and have not found an answer. i notice that when I look in the registry here:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\MonitoringIt lists many folders dealing with AntiVirus and Firewall Programs:AhnlabAntiVirusComputerAssociatesAntiVirusKasperskyAntiVirusMcAfeeAntiVirusMcAfeeFirewallPandaAntiVirusPandaFirewallSophosAntiVirusSymantecAntiVirusSymantecFirewallTinyFirewallTrendAntiVirusTrendFirewallZoneLabsFirewallAll of the folders are blank except "SymantecAntiVirus" which has "DisableMonitoring"=dword:00000001Which seems right. All I have is Symantec Antivirus and Windows Firewall. But what exactly does this mean? It says DisableMonitoring. So does this mean that if the DisableMonitoring is found and set to 1 in one of the directories then an AV is present? Link to comment Share on other sites More sharing options...
Bert Posted June 9, 2008 Share Posted June 9, 2008 Sent you a PM. I may have something that can help you. The Vollatran project  My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
nhalme Posted November 4, 2008 Share Posted November 4, 2008 I have tried to find a solution as well. This is what I have found...$strComputer = "." $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\SecurityCenter") $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct"); "from FirewallProduct" works as well For $objAntiVirusProduct In $colItems MsgBox(0, "AntiVirusProduct", $objAntiVirusProduct.displayName) Next But for example in my Vista SP1 it does not return anything, but if I put "\root\SecurityCenter2" then it finds the product. On XP "\root\SecurityCenter" works. If somebody has a better way to check Antivirus proudut please share your info. Thanks! Link to comment Share on other sites More sharing options...
schuc Posted December 31, 2010 Share Posted December 31, 2010 I have tried to find a solution as well. This is what I have found...$strComputer = "." $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\SecurityCenter") $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct"); "from FirewallProduct" works as well For $objAntiVirusProduct In $colItems MsgBox(0, "AntiVirusProduct", $objAntiVirusProduct.displayName) Next But for example in my Vista SP1 it does not return anything, but if I put "\root\SecurityCenter2" then it finds the product. On XP "\root\SecurityCenter" works. If somebody has a better way to check Antivirus proudut please share your info. Thanks! I'm almost afraid to bring this old thread back up, but I am wanting to add this ability to my tool as well. My experience with the above is that I had to use 'SecurityCenter2' to get the AV, but neither 'SecurityCenter' or 'SecurityCenter2' returned anything for firewall on Win7. I would like to be able to determine both of these for all Win OS' as I'll use my tool on any machine I start working on. If anyone has discovered an updated method of detecting the active Antivirus and/or Firewall, please share. Thanks! Link to comment Share on other sites More sharing options...
engjcowi Posted January 6, 2011 Share Posted January 6, 2011 Hi Ive got some code that hopefully detects this. ill be adding it in the next day or 2 in my comp analysis tool. keep your eye out Drunken Frat-Boy Monkey Garbage Link to comment Share on other sites More sharing options...
Skitty Posted February 15, 2011 Share Posted February 15, 2011 HiIve got some code that hopefully detects this. ill be adding it in the next day or 2 in my comp analysis tool. keep your eye outIts been a pretty long time and I still haven't seen your code anywhere... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now