Check anti-virus status in C#

问题

I need to check a group of servers to see whether the anti virus is up-to-date and running. Tricky thing is that they are spread over Windows 2003 and 2008 servers and I need to be able to check them all.

Is there any way of doing this with C# or VB.NET?

I have briefly looked around using WMI, but it appears on 2008/win7 computers Microsoft has changed what information they give back to you.

In summary, I need the following:

AV name
AV version
AV Up-to-Date
AV Enabled/Running

Can anyone help?

回答1:

Sample can be found here using WMI as you mentioned. The poster states this is being done on a Win 7 machine; so the code below should get you started...

ConnectionOptions _connectionOptions = new ConnectionOptions();
//Not required while checking it in local machine.
//For remote machines you need to provide the credentials
//options.Username = "";
//options.Password = "";
_connectionOptions.EnablePrivileges = true;
_connectionOptions.Impersonation = ImpersonationLevel.Impersonate;
//Connecting to SecurityCenter2 node for querying security details
ManagementScope _managementScope = new ManagementScope(string.Format("\\\\{0}\\root\\SecurityCenter2", ipAddress), _connectionOptions);
_managementScope.Connect();
//Querying
ObjectQuery _objectQuery = new ObjectQuery("SELECT * FROM AntivirusProduct");
ManagementObjectSearcher _managementObjectSearcher =
    new ManagementObjectSearcher(_managementScope, _objectQuery);
ManagementObjectCollection _managementObjectCollection = _managementObjectSearcher.Get();
if (_managementObjectCollection.Count > 0)
{
    foreach (ManagementObject item in _managementObjectCollection)
    {
        Console.WriteLine(item["displayName"]);
        //For Kaspersky AntiVirus, I am getting a null reference here.
        //Console.WriteLine(item["productUptoDate"]);

        //If the value of ProductState is 266240 or 262144, its an updated one.
        Console.WriteLine(item["productState"]);
    }
}

回答2:

Depending on how your environment is setup you may need to specify your security and permissions. You should also note that some antivirus products (like McAfee) do not make data available through WMI.

You can query the Antivirus information from WMI using this snippet:

string computer = Environment.MachineName;  
string wmipath = @"\\" + computer + @"\root\SecurityCenter";  
string query = @"SELECT * FROM AntivirusProduct";

ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipath, query);  
ManagementObjectCollection results = searcher.Get();

foreach (ManagementObject result in results)  
{  
    // do something with `result[value]`);
}

来源：https://stackoverflow.com/questions/4750507/check-anti-virus-status-in-c-sharp

标签

windows-server-2008

windows-server-2003

antivirus