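How can I ignore Windows Defender when calling SecurityCenter2?
Problem description:
I am working on a script to detect whether an antivirus solution is running on a Windows computer. When running on Windows 8, because Windows Defender is always disabled when a third-party AV solution is running, I get a false positive that antivirus is disabled. I can see that the third-party AV's productState is valid and reports correctly, but my script only pulls the Windows Defender entry. I need to keep the Windows Defender entry, but I am only interested in Windows Defender if no other antivirus is installed. I run the following command from the command prompt to retrieve the data, which shows two separate entries. How can I ignore Windows Defender when calling SecurityCenter2?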
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get /Format:List
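I want to grab only the third-party antivirus if one is installed, and otherwise keep the Windows Defender information.
The way I am doing this is by reading the instanceGuid and comparing it with the Windows Defender GUID, but I am getting some false positives. Is there any way I can parse this data correctly, ideally looking only at the third-party information? I am including the full script to show exactly what I am looking at, if needed.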
Set objWMIServiceSC = GetObject("winmgmts:\\.\root\SecurityCenter2")
Set colAVItems = objWMIServiceSC.ExecQuery("Select * from AntiVirusProduct")
For Each objAntiVirusProduct In colAVItems
    strinstanceGuid = (objAntiVirusProduct.instanceGuid)
    strWinDefGUID = "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
    If strinstanceGuid <> strWinDefGUID Then
        AvStatus = Hex(objAntiVirusProduct.ProductState)
        If (objAntiVirusProduct.ProductState = "393472" _
            OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
            OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then
            strproductState = "ENABLED"
        Else
            strproductState = "DISABLED"
        End If
    Else
        If Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
            OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11" Then
            strproductState = "ENABLED"
        Else
            strproductState = "DISABLED"
        End If
    End If
    If Mid(AvStatus, 4, 2) = "00" Then
        strdefinitionState = "CURRENT"
    ElseIf Mid(AvStatus, 4, 2) = "10" Then
        strdefinitionState = "OUTDATED"
    End If
Next
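Just to reiterate, this is a Windows 8 issue.
Answer
I found a solution to my problem. Basically, I ended up adding an If statement before my For statement that checks how many entries there are in the Security Center WMI for AntiVirus. If there are 0, it reports none; if 1 is installed, it reads its information; if there is more than 1, it ignores Windows Defender and reads the remaining information. I have included the full code for future users.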
Dim objWMIServiceSC,objAntiVirusProduct,colAVItems,AvStatus
' Assumption: errors is a Scripting.Dictionary that collects findings;
' it is used below but not defined in the posted code.
Dim errors
Set errors = CreateObject("Scripting.Dictionary")
Set objWMIServiceSC = GetObject("winmgmts:\\.\root\SecurityCenter2")
Set colAVItems = objWMIServiceSC.ExecQuery("Select * from AntiVirusProduct")
If colAVItems.count = 0 Then
    ' No antivirus product is registered with Security Center
    strdisplayName = "No"
    errors("Acceptable AntiVirus software found ") = "NO"
ElseIf colAVItems.count = 1 Then
    ' Exactly one entry: report it, whatever it is
    For Each objAntiVirusProduct In colAVItems
        strdisplayName = (objAntiVirusProduct.displayName)
        AvStatus = Hex(objAntiVirusProduct.ProductState)
        If (objAntiVirusProduct.ProductState = "266240" _
            OR objAntiVirusProduct.ProductState = "331776" _
            OR objAntiVirusProduct.ProductState = "397568" _
            OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
            OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then
            strproductState = "ENABLED"
        Else
            strproductState = "DISABLED"
            errors("Antivirus scanning is ") = "DISABLED"
        End If
        If Mid(AvStatus, 4, 2) = "00" Then
            strdefinitionState = "CURRENT"
        ElseIf Mid(AvStatus, 4, 2) = "10" Then
            strdefinitionState = "OUTDATED"
            errors("AntiVirus Definitions are ") = "OUTDATED"
        End If
    Next
ElseIf colAVItems.count > 1 Then
    ' More than one entry: skip Windows Defender and report the rest
    For Each objAntiVirusProduct In colAVItems
        If (objAntiVirusProduct.displayName) <> "Windows Defender" Then
            strdisplayName = (objAntiVirusProduct.displayName)
            AvStatus = Hex(objAntiVirusProduct.ProductState)
            If (objAntiVirusProduct.ProductState = "393472" _
                OR objAntiVirusProduct.ProductState = "266240" _
                OR objAntiVirusProduct.ProductState = "331776" _
                OR objAntiVirusProduct.ProductState = "397568" _
                OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
                OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then
                strproductState = "ENABLED"
            Else
                strproductState = "DISABLED"
                errors("Antivirus scanning is ") = "DISABLED"
            End If
            If Mid(AvStatus, 4, 2) = "00" Then
                strdefinitionState = "CURRENT"
            ElseIf Mid(AvStatus, 4, 2) = "10" Then
                strdefinitionState = "OUTDATED"
                errors("AntiVirus Definitions are ") = "OUTDATED"
            End If
        End If
    Next
End If
Answer
Doing all this string stuff seems a bit complicated. You could also do it like this:
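// number holds the ProductState value.
// The parentheses are required: == binds more tightly than &.
int bitmaskUpToDate = 0x000010;
bool upToDate = (number & bitmaskUpToDate) == bitmaskUpToDate;
int bitmaskEnabled = 0x001000;
bool isEnabled = (number & bitmaskEnabled) == bitmaskEnabled;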
This is just a quick demonstration of the bitmask approach. I did not double-check whether I got the bits right.
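The selection rule from the first answer combined with the bitmask idea from the second, as an added PowerShell example that is not part of either original post. The byte layout is assumed from the checks in the scripts above (middle byte 10 or 11 hex = enabled, low byte 00 = current, 10 = outdated) and the hard-coded ProductState values are left out; the function names and sample records are constructed for illustration.

```powershell
# GUID the question uses to identify the Windows Defender entry.
$DefenderGuid = '{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}'

function ConvertFrom-ProductState {
    param([int]$ProductState)
    # Assumed layout (taken from the Mid() checks in the scripts above):
    #   middle byte 0x10 / 0x11 -> scanner enabled
    #   low byte    0x00 -> definitions current, 0x10 -> outdated
    $scanner = ($ProductState -shr 8) -band 0xFF
    $defs    = $ProductState -band 0xFF
    $enabled = ($scanner -eq 0x10) -or ($scanner -eq 0x11)
    if     ($defs -eq 0x00) { $definitions = 'CURRENT' }
    elseif ($defs -eq 0x10) { $definitions = 'OUTDATED' }
    else                    { $definitions = 'UNKNOWN' }
    [pscustomobject]@{ Enabled = $enabled; Definitions = $definitions }
}

function Select-ReportedAntiVirus {
    param([object[]]$Products = @())
    # String -ne is case-insensitive in PowerShell, so the GUID matches
    # whether WMI returns it in upper or lower case.
    $thirdParty = @($Products | Where-Object { $_.instanceGuid -ne $DefenderGuid })
    # Report third-party products when any exist; otherwise fall back to
    # whatever is registered (Windows Defender alone, or nothing).
    $chosen = if ($thirdParty.Count -gt 0) { $thirdParty } else { $Products }
    foreach ($p in $chosen) {
        $s = ConvertFrom-ProductState -ProductState $p.productState
        [pscustomobject]@{
            Name        = $p.displayName
            Enabled     = $s.Enabled
            Definitions = $s.Definitions
        }
    }
}

# Constructed sample records (not captured from a real machine).
$sample = @(
    [pscustomobject]@{ displayName = 'Windows Defender'; instanceGuid = '{D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}'; productState = 393472 }
    [pscustomobject]@{ displayName = 'Example AV'; instanceGuid = '{00000000-0000-0000-0000-000000000001}'; productState = 397584 }
)
Select-ReportedAntiVirus -Products $sample

# Against a live machine:
# Select-ReportedAntiVirus -Products @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct)
```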