How do I ignore Windows Defender when calling SecurityCenter2?

Time: 2014-06-27 22:49:48

Tags: windows-8 vbscript wmi wmi-query securitycenter

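I am writing a script to detect whether an antivirus solution is running on a Windows machine. When running on Windows 8 I am getting false positives, because Windows Defender is always running, and when a third-party antivirus solution is running its antivirus functionality is disabled.

I can see that the third-party antivirus's productState is valid and reported correctly, but my script only picks up the Windows Defender entry.

I need to keep the entry for Windows Defender, but I am only interested in Windows Defender if no other antivirus software is installed. I run the following command from a command prompt to retrieve the data, which shows two separate entries.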

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get /Format:List

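I want only the third-party antivirus software when one is installed; otherwise keep the Windows Defender information.

The way I am attempting this is by reading the instanceGUID and comparing it with the Windows Defender GUID, but I am getting some false positives. Is there a way for me to parse this data correctly, ideally looking only at the third-party information?

I am including the full script to show exactly what I am looking at; I can remove it if needed: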

Set objWMIServiceSC = GetObject("winmgmts:\\.\root\SecurityCenter2")
Set colAVItems = objWMIServiceSC.ExecQuery("Select * from AntiVirusProduct")
For Each objAntiVirusProduct In colAVItems
    strinstanceGuid = (objAntiVirusProduct.instanceGuid)
    strWinDefGUID = "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
    If strinstanceGuid <> strWinDefGUID Then
        AvStatus = Hex(objAntiVirusProduct.ProductState)
        If (objAntiVirusProduct.ProductState = "393472" _
            OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
            OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then
                strproductState = "ENABLED"
        Else
            strproductState = "DISABLED"
        End If
    Else
        If Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
            OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11" Then
                strproductState = "ENABLED"
        Else
            strproductState = "DISABLED"
        End If
    End If
    If Mid(AvStatus, 4, 2) = "00" Then
        strdefinitionState = "CURRENT"
    ElseIf Mid(AvStatus, 4, 2) = "10" Then
        strdefinitionState = "OUTDATED"
    End If
Next

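To reiterate, this is a Windows 8 issue.

2 answers:

Answer 0: (score: 0)

I found a solution to my problem. Basically I ended up putting an If statement before my For statement that looks at the number of entries in the Security Center WMI for AntiVirus. If there are 0 then it reports none, if there is 1 installed then it reads the information, and if there is more than 1 it ignores Windows Defender and reads the rest. I am including the full code for future users.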

Dim objWMIServiceSC,objAntiVirusProduct,colAVItems,AvStatus

Set objWMIServiceSC = GetObject("winmgmts:\\.\root\SecurityCenter2")
Set colAVItems = objWMIServiceSC.ExecQuery("Select * from AntiVirusProduct")
If colAVItems.count = 0 Then
    strdisplayName = "No"
    errors("Acceptable AntiVirus software found ") = "NO"
ElseIf colAVItems.count = 1 Then
    For Each objAntiVirusProduct In colAVItems
        strdisplayName = (objAntiVirusProduct.displayName)
        AvStatus = Hex(objAntiVirusProduct.ProductState)
        If (objAntiVirusProduct.ProductState = "266240" _
        OR objAntiVirusProduct.ProductState = "331776" _
        OR objAntiVirusProduct.ProductState = "397568" _
        OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
        OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then
            strproductState = "ENABLED"
        Else
            strproductState = "DISABLED"
            errors("Antivirus scanning is ") = "DISABLED"
        End If
        If Mid(AvStatus, 4, 2) = "00" Then
            strdefinitionState = "CURRENT"
        ElseIf Mid(AvStatus, 4, 2) = "10" Then
            strdefinitionState = "OUTDATED"
            errors("AntiVirus Definitions are ") = "OUTDATED"
        End If
    Next
ElseIf colAVItems.count > 1 Then
    For Each objAntiVirusProduct In colAVItems
        If (objAntiVirusProduct.displayName) <> "Windows Defender" Then
            strdisplayName = (objAntiVirusProduct.displayName)
            AvStatus = Hex(objAntiVirusProduct.ProductState)
            If (objAntiVirusProduct.ProductState = "393472" _
            OR objAntiVirusProduct.ProductState = "266240" _
            OR objAntiVirusProduct.ProductState = "331776" _
            OR objAntiVirusProduct.ProductState = "397568" _
            OR Mid(AvStatus, 2, 2) = "10" Or Mid(AvStatus, 2, 2) = "11" _
            OR Mid(AvStatus, 5, 2) = "10" Or Mid(AvStatus, 5, 2) = "11") Then
                strproductState = "ENABLED"
            Else
                strproductState = "DISABLED"
                errors("Antivirus scanning is ") = "DISABLED"
            End If
            If Mid(AvStatus, 4, 2) = "00" Then
                strdefinitionState = "CURRENT"
            ElseIf Mid(AvStatus, 4, 2) = "10" Then
                strdefinitionState = "OUTDATED"
                errors("AntiVirus Definitions are ") = "OUTDATED"
            End If
        End If
    Next
End If

Answer 1: (score: 0)

Doing all of this string stuff looks a bit complicated. You could also do it like this:

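// number is the productState value read from AntiVirusProduct
int bitmaskUpToDate = 0x000010;
// Parentheses are required: == binds tighter than &
bool upToDate = (number & bitmaskUpToDate) == bitmaskUpToDate;
int bitmaskEnabled = 0x001000;
bool isEnabled = (number & bitmaskEnabled) == bitmaskEnabled;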

This is just a quick demo of the bitmask stuff. I did not double-check whether my indices are correct.
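
The following is an added example, not code from either answer: it parses `key=value` output in the layout of the `WMIC ... Get /Format:List` command from the question, drops the Windows Defender entry only when another product is registered, and decodes productState with bitmasks instead of string slicing. It goes beyond the answers by working offline on captured output. Assumptions: the sample output and the "Example AV" product are constructed, and the bit positions are the ones implied by the `Mid(AvStatus, ...)` tests in the scripts above (the scripts' list of literal productState values is not reproduced).

```python
import re

# GUID the question uses to identify Windows Defender (taken from the page).
DEFENDER_GUID = "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}".lower()
# Assumed bit layout, matching the Hex()/Mid() tests in the scripts above.
ENABLED_BIT = 0x1000   # Mid(AvStatus, 2, 2) = "10" or "11"
OUTDATED_BIT = 0x0010  # Mid(AvStatus, 4, 2) = "10"

# Constructed sample in the key=value layout of /Format:List output.
SAMPLE = """
displayName=Windows Defender
instanceGuid={D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
productState=393472

displayName=Example AV
instanceGuid={11111111-2222-3333-4444-555555555555}
productState=266256
"""

def parse_wmic_list(text):
    """Split list-format output into one dict per AntiVirusProduct instance."""
    products = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.strip().split("=", 1)
                      for line in block.splitlines() if "=" in line)
        if fields:
            products.append(fields)
    return products

def decode_state(product_state):
    """Decode productState numerically rather than slicing its hex string."""
    state = int(product_state)
    return {"enabled": bool(state & ENABLED_BIT),
            "definitions": "OUTDATED" if state & OUTDATED_BIT else "CURRENT"}

def select_products(products):
    """Ignore Defender only when at least one other product is registered."""
    # GUIDs are compared case-insensitively so a case difference cannot
    # make the Defender entry look like a third-party product.
    third_party = [p for p in products
                   if p.get("instanceGuid", "").lower() != DEFENDER_GUID]
    return third_party or products

def report(text):
    """Return (displayName, decoded state) for each product worth reporting."""
    return [(p["displayName"], decode_state(p["productState"]))
            for p in select_products(parse_wmic_list(text))]

if __name__ == "__main__":
    for name, state in report(SAMPLE):
        print(name, state)
```
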