2014-06-27 119 views
0

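I am working on a script to detect whether an antivirus solution is running on a Windows computer. When it runs on Windows 8, I get false positives reporting antivirus as disabled while a third-party AV solution is running, because Windows Defender is always disabled in that case. I can see that the third-party AV's productState is valid and reported correctly, but my script only pulls the Windows Defender entry. I need to keep the Windows Defender entry, but I am only interested in Windows Defender if no other antivirus is installed. I run the following command from the command prompt to retrieve the data, which shows two separate entries. How can I ignore Windows Defender when querying SecurityCenter2?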

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get /Format:List 

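I want to grab only the third-party antivirus if one is installed, and otherwise keep the Windows Defender information.

The way I am doing this is by reading the instanceGUID and comparing it with the Windows Defender GUID, but I am getting some false positives. Is there any way I can parse this data correctly, ideally looking only at the third-party information? I am including the full script to show exactly what I am looking at, if needed.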

Set objWMIServiceSC = GetObject("winmgmts:\\.\root\SecurityCenter2") 
Set colAVItems = objWMIServiceSC.ExecQuery("Select * from AntiVirusProduct") 
For Each objAntiVirusProduct In colAVItems 
    strinstanceGuid = (objAntiVirusProduct.instanceGuid) 
    strWinDefGUID = "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" 
    If strinstanceGuid <> strWinDefGUID Then 
     AvStatus = Hex(objAntiVirusProduct.ProductState) 
     If (objAntiVirusProduct.ProductState = "393472" _ 
      OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _ 
      OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then 
       strproductState = "ENABLED" 
     Else 
      strproductState = "DISABLED" 
     End If 
    Else 
     If Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _ 
      OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11" Then 
       strproductState = "ENABLED" 
     Else 
      strproductState = "DISABLED" 
     End If 
    End If 
    If Mid(AvStatus, 4, 2) = "00" Then 
     strdefinitionState = "CURRENT" 
    ElseIf Mid(AvStatus, 4, 2) = "10" Then 
     strdefinitionState = "OUTDATED" 
    End If 
Next 

Just to reiterate once more, this is a Windows 8 issue.

Answers

0

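I found a solution to my problem. Basically, I ended up adding an If statement before my For statement that looks at how many AntiVirus entries there are in the Security Center WMI namespace. If there are 0, it reports none; if 1 is installed, it reads that information; and if there is more than 1, it ignores Windows Defender and reads the remaining information. I have provided the complete code for future users.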

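Dim objWMIServiceSC,objAntiVirusProduct,colAVItems,AvStatus 
' errors is not defined in the posted script; a Scripting.Dictionary is assumed here 
Dim errors : Set errors = CreateObject("Scripting.Dictionary") 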

Set objWMIServiceSC = GetObject("winmgmts:\\.\root\SecurityCenter2") 
Set colAVItems = objWMIServiceSC.ExecQuery("Select * from AntiVirusProduct") 
If colAVItems.count = 0 Then 
    strdisplayName = "No" 
    errors("Acceptable AntiVirus software found ") = "NO" 
ElseIf colAVItems.count = 1 Then 
    For Each objAntiVirusProduct In colAVItems 
     strdisplayName = (objAntiVirusProduct.displayName) 
     AvStatus = Hex(objAntiVirusProduct.ProductState) 
     If (objAntiVirusProduct.ProductState = "266240" _ 
     OR objAntiVirusProduct.ProductState = "331776" _ 
     OR objAntiVirusProduct.ProductState = "397568" _ 
     OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _ 
     OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then 
      strproductState = "ENABLED" 
     Else 
      strproductState = "DISABLED" 
      errors("Antivirus scanning is ") = "DISABLED" 
     End If 
     If Mid(AvStatus, 4, 2) = "00" Then 
      strdefinitionState = "CURRENT" 
     ElseIf Mid(AvStatus, 4, 2) = "10" Then 
      strdefinitionState = "OUTDATED" 
      errors("AntiVirus Definitions are ") = "OUTDATED" 
     End If 
    Next 
ElseIf colAVItems.count > 1 Then 
    For Each objAntiVirusProduct In colAVItems 
     If (objAntiVirusProduct.displayName) <> "Windows Defender" Then 
      strdisplayName = (objAntiVirusProduct.displayName) 
      AvStatus = Hex(objAntiVirusProduct.ProductState) 
      If (objAntiVirusProduct.ProductState = "393472" _ 
      OR objAntiVirusProduct.ProductState = "266240" _ 
      OR objAntiVirusProduct.ProductState = "331776" _ 
      OR objAntiVirusProduct.ProductState = "397568" _ 
      OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _ 
      OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then 
       strproductState = "ENABLED" 
      Else 
       strproductState = "DISABLED" 
       errors("Antivirus scanning is ") = "DISABLED" 
      End If 
      If Mid(AvStatus, 4, 2) = "00" Then 
        strdefinitionState = "CURRENT" 
      ElseIf Mid(AvStatus, 4, 2) = "10" Then 
        strdefinitionState = "OUTDATED" 
        errors("AntiVirus Definitions are ") = "OUTDATED" 
      End If 
     End If 
    Next 
End If 
0

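Doing all this string stuff looks a bit complicated. You could also do it like this:

// number holds the ProductState value 
int bitmaskOutdated = 0x000010; // set when definitions are out of date (the scripts above map "10" to OUTDATED) 
bool upToDate = (number & bitmaskOutdated) == 0; // parentheses needed: == binds tighter than & 
int bitmaskEnabled = 0x001000; // set when scanning is enabled 
bool isEnabled = (number & bitmaskEnabled) == bitmaskEnabled; 

This is just a quick demonstration of the bitmask approach. I didn't double-check whether I got the digits right.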
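
The selection rule from the first answer and the bitmask idea from the second, combined in one added example (Python, not code from either poster). It reads the scanner state from the middle byte and the definition state from the low byte, as the Mid() checks above do; that layout, the "Example AV" record and its GUID are assumptions, and the answer's list of literal productState values is not reproduced.

```python
# Added example. Byte positions follow the Mid() checks in the scripts above;
# productState is not officially documented, so the layout is an assumption.
DEFENDER_GUID = "{D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}"  # GUID from the question


def decode(product_state):
    """Return (scanner_state, definition_state) for one productState value."""
    state = int(product_state)      # accept an int or a numeric string
    scanner = (state >> 8) & 0xFF   # Mid(Hex(state), 2, 2) on a 5-digit hex string
    definitions = state & 0xFF      # Mid(Hex(state), 4, 2) on a 5-digit hex string
    enabled = scanner in (0x10, 0x11)
    defs = {0x00: "CURRENT", 0x10: "OUTDATED"}.get(definitions, "UNKNOWN")
    return ("ENABLED" if enabled else "DISABLED", defs)


def select_products(products):
    """Third-party entries if any exist, otherwise whatever is left (Defender)."""
    third_party = [p for p in products
                   if p["instanceGuid"].upper() != DEFENDER_GUID]
    return third_party or list(products)


def report(products):
    """One (displayName, scanner_state, definition_state) tuple per selected entry."""
    return [(p["displayName"],) + decode(p["productState"])
            for p in select_products(products)]


# Constructed sample records shaped like AntiVirusProduct instances.
DEFENDER = {"displayName": "Windows Defender",
            "instanceGuid": "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
            "productState": 393472}          # 0x060100
THIRD_PARTY = {"displayName": "Example AV",  # hypothetical product and GUID
               "instanceGuid": "{00000000-0000-0000-0000-000000000001}",
               "productState": 266256}       # 0x041010

if __name__ == "__main__":
    for case in ([], [DEFENDER], [DEFENDER, THIRD_PARTY]):
        print(report(case) or "no antivirus registered")
```

Bit shifts give the same result however many hex digits Hex() prints, which the string slicing does not; the GUID comparison is case-insensitive so a differently cased instanceGuid still matches.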