Microsoft Security Essentials上次定义更新的时间戳

有没有办法通过 VBScript 或 PowerShell 来检查这一点?我粗略看过 SecurityCenter/SecurityCenter2 这两个 WMI 类,但它们都不是特别有用。看来最简单的做法,是弄清通过后者(SecurityCenter2)读到的 productState 取哪些值时表示防病毒软件认为自身状态正常。还有其他想法吗?

您可能需要根据所安装的版本修改 FCS_REGKEY_ROOT。这个脚本适用于较新的版本。脚本是从这里取来的。

 Option Explicit

 ' Prints the antimalware product version, engine version, definition versions
 ' and last-scan details that the product records under FCS_REGKEY_ROOT.
 ' The script only reports values; it does not judge whether the definitions
 ' are recent enough, so compare the printed dates against your own limit.
 '
 ' WshShell.RegRead raises a run-time error when a value is missing, so a host
 ' without the product (or one that uses a different root key) stops at the
 ' first read. Treat that outcome as "status unknown", not as healthy.
 ' NOTE(review): under a 32-bit script host on 64-bit Windows, HKLM\SOFTWARE
 ' reads go to the 32-bit registry view, where these values may be absent.
 Const FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"

 ' ---- registry locations ----
 Dim sigUpdatesKey, scanKey
 Dim installLocationPath, engineVersionPath
 Dim avVersionPath, avAppliedPath
 Dim asVersionPath, asAppliedPath
 Dim lastScanRunPath, lastScanTypePath

 sigUpdatesKey       = FCS_REGKEY_ROOT & "\Signature Updates"
 scanKey             = FCS_REGKEY_ROOT & "\Scan"
 installLocationPath = FCS_REGKEY_ROOT & "\InstallLocation"

 engineVersionPath = sigUpdatesKey & "\EngineVersion"
 avVersionPath     = sigUpdatesKey & "\AVSignatureVersion"
 avAppliedPath     = sigUpdatesKey & "\AVSignatureApplied"
 asVersionPath     = sigUpdatesKey & "\ASSignatureVersion"
 asAppliedPath     = sigUpdatesKey & "\ASSignatureApplied"

 lastScanRunPath  = scanKey & "\LastScanRun"
 lastScanTypePath = scanKey & "\LastScanType"

 ' ---- collect current values ----
 Dim avVersion, asVersion, engineVersion, productVersion
 Dim avDate, asDate, scanTime, scanKind
 ' objShell stays script-level because GetProductVersion reads through it.
 Dim objShell
 Set objShell = CreateObject("WScript.Shell")

 avVersion      = objShell.RegRead(avVersionPath)
 asVersion      = objShell.RegRead(asVersionPath)
 engineVersion  = objShell.RegRead(engineVersionPath)
 ' The two dates are stored as binary values and decoded by BinaryToDate.
 avDate         = BinaryToDate(objShell.RegRead(avAppliedPath))
 asDate         = BinaryToDate(objShell.RegRead(asAppliedPath))
 productVersion = GetProductVersion(installLocationPath)
 scanTime       = BinaryToDate(objShell.RegRead(lastScanRunPath))
 scanKind       = GetScanType(objShell.RegRead(lastScanTypePath))

 ' ---- print the summary ----
 ' NOTE(review): the dates come from the "...SignatureApplied" values while the
 ' label reads "created on"; the value names suggest apply time rather than
 ' build time - confirm before using them for definition-age checks.
 WScript.Echo "Microsoft Forefront Client Security version: " & productVersion
 WScript.Echo "Engine version: " & engineVersion
 WScript.Echo "Antivirus Definition: Version " & avVersion & " created on " & avDate
 WScript.Echo "Antispyware Definition: Version " & asVersion & " created on " & asDate
 WScript.Echo "Last scan: " & scanTime & " (" & scanKind & ")"
'===============================================================
' BinaryToDate
'   Turns the 8-byte binary timestamp read from the registry into a Variant
'   date expressed in local time.
'   bArray  - VARIANT array of bytes, least significant byte at index 0
'   Returns - VARIANT date
Function BinaryToDate(bArray)
    Dim converter, ticks, idx, dayOffset
    Set converter = CreateObject("WbemScripting.SWbemDateTime")

    ' Fold the eight bytes together, most significant (index 7) first.
    ticks = CDbl(0)
    For idx = 7 To 0 Step -1
        ticks = ticks * 256 + bArray(idx)
    Next

    ' 1E7 * 86400 units per day means the value counts 100-nanosecond units;
    ' together with the 1601-01-01 base this matches a Windows FILETIME.
    dayOffset = ticks / (1E7 * 86400)

    ' False marks the supplied date as not local, so GetVarDate hands back
    ' the local-time equivalent.
    converter.SetVarDate CDate(DateSerial(1601, 1, 1) + dayOffset), False
    BinaryToDate = converter.GetVarDate()
End Function

'===============================================================
' GetProductVersion
'   Reads the install folder from the registry and returns the file version
'   of msmpeng.exe found in that folder.
'   regPath - registry path of the value holding the installation location
'   Returns - VARIANT string with the product version
'   Uses the script-level objShell object for the registry read. The version
'   reported is that of whichever msmpeng.exe sits at the path the registry
'   value names.
Function GetProductVersion(regPath)
    Dim enginePath, fso
    enginePath = objShell.RegRead(regPath) & "\msmpeng.exe"
    Set fso = CreateObject("Scripting.FileSystemObject")
    GetProductVersion = fso.GetFileVersion(enginePath)
    Set fso = Nothing
End Function

'===============================================================
' GetScanType
'   Maps the numeric scan type stored in the registry to display text.
'   iScanType - numeric scan type
'   Returns   - VARIANT string naming the scan type
Function GetScanType(iScanType)
    Dim label
    Select Case iScanType
        Case 1
            label = "Quick Scan"
        Case 2
            label = "Full Scan"
        Case Else
            ' Any other value is reported rather than rejected.
            label = "Invalid Scan type"
    End Select
    GetScanType = label
End Function

C:> cscript forefrontstatus.vbs

Microsoft Forefront Client Security version: 3.0.8107.0
Engine version: 1.1.6502.0
Antivirus Definition: Version 1.97.905.0 created on 2/2/2011 6:10:51 AM
Antispyware Definition: Version 1.97.905.0 created on 2/2/2011 6:10:51 AM
Last scan: 2011/2/2 2:26:34 (Quick Scan)

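Option Explicit

' Extended status report: product, engine and definition versions, last scan,
' plus the NIS engine/signature values and the time signatures were last
' updated. All values are read from the registry under FCS_REGKEY_ROOT.
'
' This listing had been mangled by machine translation (keywords, quotes and
' the & operator); it is restored to valid VBScript here. The NIS variables
' are now declared, because Option Explicit rejects undeclared names.
'
' WshShell.RegRead raises a run-time error when a value is missing. Treat a
' failed run as "status unknown", not as healthy.
Const FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"

Dim SCAN_KEY, SIGNATUREUPDATES_KEY
Dim AV_VERSION_VALUE, AS_VERSION_VALUE, ENGINE_VERSION_VALUE, AV_DATE, AS_DATE
Dim LAST_SCAN_TIME, LAST_SCAN_TYPE, INSTALL_PATH_VALUE
Dim NIS_ENGINE_VERSION_VALUE, NIS_SIGNATURE_VERSION_VALUE, NIS_SIGNATURE_DATE
Dim SIGNATURES_LAST_UPDATE

SCAN_KEY = FCS_REGKEY_ROOT & "\Scan"
SIGNATUREUPDATES_KEY = FCS_REGKEY_ROOT & "\Signature Updates"
INSTALL_PATH_VALUE = FCS_REGKEY_ROOT & "\InstallLocation"
AV_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\AVSignatureVersion"
AS_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\ASSignatureVersion"
ENGINE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\EngineVersion"
AV_DATE = SIGNATUREUPDATES_KEY & "\AVSignatureApplied"
AS_DATE = SIGNATUREUPDATES_KEY & "\ASSignatureApplied"
LAST_SCAN_TIME = SCAN_KEY & "\LastScanRun"
LAST_SCAN_TYPE = SCAN_KEY & "\LastScanType"
' 11-11-13 (marker kept from the original listing; presumably the date the
' NIS lines were added)
NIS_ENGINE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\NISEngineVersion"
NIS_SIGNATURE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\NISSignatureVersion"
NIS_SIGNATURE_DATE = SIGNATUREUPDATES_KEY & "\NISSignatureApplied"
SIGNATURES_LAST_UPDATE = SIGNATUREUPDATES_KEY & "\SignaturesLastUpdated"

'************ MAIN ************
Dim AV_Version, AS_Version, EngineVersion, ProductVersion
Dim AV_BuildDate, AS_BuildDate, LastScanTime, LastScanType
Dim NIS_Engine_Version, NIS_Signature_Version, NIS_BuildDate, LAST_UPDATE
' objShell is script-level because GetProductVersion reads through it.
Dim objShell
Set objShell = CreateObject("WScript.Shell")

'============ Get current info ============
AV_Version = objShell.RegRead(AV_VERSION_VALUE)
AS_Version = objShell.RegRead(AS_VERSION_VALUE)
EngineVersion = objShell.RegRead(ENGINE_VERSION_VALUE)
AV_BuildDate = BinaryToDate(objShell.RegRead(AV_DATE))
AS_BuildDate = BinaryToDate(objShell.RegRead(AS_DATE))
ProductVersion = GetProductVersion(INSTALL_PATH_VALUE)
LastScanTime = BinaryToDate(objShell.RegRead(LAST_SCAN_TIME))
LastScanType = GetScanType(objShell.RegRead(LAST_SCAN_TYPE))
' 11-11-13
NIS_Engine_Version = objShell.RegRead(NIS_ENGINE_VERSION_VALUE)
NIS_Signature_Version = objShell.RegRead(NIS_SIGNATURE_VERSION_VALUE)
NIS_BuildDate = BinaryToDate(objShell.RegRead(NIS_SIGNATURE_DATE))
LAST_UPDATE = BinaryToDate(objShell.RegRead(SIGNATURES_LAST_UPDATE))

'============ Display summary info ============
' NOTE(review): the dates come from "...SignatureApplied" values while the
' label reads "created on"; confirm which moment the value records before
' using it for definition-age checks. SignaturesLastUpdated is the value that
' is printed as the last update time.
WScript.Echo "Microsoft Forefront Client Security version: " & ProductVersion
WScript.Echo "Engine version: " & EngineVersion
WScript.Echo "Antivirus Definition: Version " & AV_Version & " created on " & AV_BuildDate
WScript.Echo "Antispyware Definition: Version " & AS_Version & " created on " & AS_BuildDate
WScript.Echo "Last scan: " & LastScanTime & " (" & LastScanType & ")"
' 11-11-13
' The three labels below are reconstructed from the translated listing.
WScript.Echo "NIS Engine: Version " & NIS_Engine_Version
WScript.Echo "Nis Signature: Version " & NIS_Signature_Version & " created on " & NIS_BuildDate
WScript.Echo "Last Update: " & LAST_UPDATE

'************ END MAIN ************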


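 '===============================================================
 ' BinaryToDate converts a binary DATE_TIME structure into a Variant date
 ' set to local time. (Restored to valid VBScript; the listing had its
 ' keywords and quotes altered by machine translation.)
 '   Parameter: bArray - a VARIANT array of bytes; indexes 0..7 are read,
 '              least significant byte first
 '   Return:    a VARIANT date
 Function BinaryToDate(bArray)
     Dim ticks, days, dateTime
     Set dateTime = CreateObject("WbemScripting.SWbemDateTime")
     ' Combine the eight bytes into one number.
     ticks = bArray(7)*(2^56) + bArray(6)*(2^48) + bArray(5)*(2^40) + bArray(4)*(2^32) _
           + bArray(3)*(2^24) + bArray(2)*(2^16) + bArray(1)*(2^8) + bArray(0)
     ' 1E7 * 86400 units per day: the value counts 100-nanosecond units.
     days = ticks / (1E7 * 86400)
     ' The count starts at 1601-01-01. False marks the supplied date as not
     ' local, so GetVarDate returns the local-time equivalent.
     dateTime.SetVarDate CDate(DateSerial(1601, 1, 1) + days), False
     BinaryToDate = dateTime.GetVarDate()
 End Function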

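 '===============================================================
 ' GetProductVersion queries a registry value for the install location and
 ' returns the version of msmpeng.exe from the file system. (Restored to
 ' valid VBScript; the listing had its keywords and quotes altered by
 ' machine translation.)
 '   Parameter: regPath - registry path of the value holding the
 '              installation location
 '   Return:    a VARIANT string containing the product version
 ' Uses the script-level objShell object for the registry read. The version
 ' reported is that of whichever msmpeng.exe sits at the path the registry
 ' value names.
 Function GetProductVersion(regPath)
     Const FILE_TO_CHECK = "\msmpeng.exe"
     Dim strFilePath, objFSO
     strFilePath = objShell.RegRead(regPath) & FILE_TO_CHECK
     Set objFSO = CreateObject("Scripting.FileSystemObject")
     GetProductVersion = objFSO.GetFileVersion(strFilePath)
     Set objFSO = Nothing
 End Function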

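 '===============================================================
 ' GetScanType returns the text that corresponds to the numeric scan type.
 ' (Restored to valid VBScript; the listing had its keywords, quotes and
 ' result strings altered by machine translation.)
 '   Parameter: iScanType - numeric type of scan
 '   Return:    a VARIANT string naming the scan type
 Function GetScanType(iScanType)
     Select Case iScanType
         Case 1 : GetScanType = "Quick Scan"
         Case 2 : GetScanType = "Full Scan"
         ' Any other value is reported rather than rejected.
         Case Else : GetScanType = "Invalid Scan type"
     End Select
 End Function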