有没有办法通过 VBScript 或 PowerShell 检查这一点?我简单看了一下 SecurityCenter 和 SecurityCenter2 这两个 WMI 类,但它们看起来都不是特别有用。看来最简单的办法是读取后者在 WMI 中的 productState 值,从中判断出一些状态信息,即杀毒软件自己认为状态正常。还有其他想法吗?
答案1
您可能需要根据您安装的版本更改 FCS_REGKEY_ROOT。这适用于较新版本。摘自这里。
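Option Explicit
' Reports the Microsoft Forefront Client Security / Microsoft Antimalware state
' recorded in the registry: product and engine version, antivirus and
' antispyware definition versions with their dates, and the last scan.
'
' Scope of the check: every value below is read from the registry (plus one
' file version). The script does not query whether the antimalware service is
' running or whether real-time protection is enabled, so treat the output as
' "what the product last recorded", and compare the dates against your own
' maximum-age policy when using it for monitoring.
'
' NOTE(review): a 32-bit script host on 64-bit Windows may see a redirected
' view of HKLM\SOFTWARE - confirm which host (cscript/wscript) is used.
Const FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"

Dim SCAN_KEY, SIGNATUREUPDATES_KEY
Dim AV_VERSION_VALUE, AS_VERSION_VALUE, ENGINE_VERSION_VALUE, AV_DATE, AS_DATE
Dim LAST_SCAN_TIME, LAST_SCAN_TYPE, INSTALL_PATH_VALUE

' Sub-keys of the product root.
SCAN_KEY = FCS_REGKEY_ROOT & "\Scan"
SIGNATUREUPDATES_KEY = FCS_REGKEY_ROOT & "\Signature Updates"

' Full paths of the individual registry values that are read below.
INSTALL_PATH_VALUE = FCS_REGKEY_ROOT & "\InstallLocation"
AV_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\AVSignatureVersion"
AS_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\ASSignatureVersion"
ENGINE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\EngineVersion"
AV_DATE = SIGNATUREUPDATES_KEY & "\AVSignatureApplied"
AS_DATE = SIGNATUREUPDATES_KEY & "\ASSignatureApplied"
LAST_SCAN_TIME = SCAN_KEY & "\LastScanRun"
LAST_SCAN_TYPE = SCAN_KEY & "\LastScanType"

'************ MAIN ************
Dim AV_Version, AS_Version, EngineVersion, ProductVersion
Dim AV_BuildDate, AS_BuildDate, LastScanTime, LastScanType
Dim objShell
Set objShell = CreateObject("WScript.Shell")

'============ Get current info ============
' A value that cannot be read is reported by name and ends the script with
' exit code 1. For a health check, "the product's keys are missing" is a
' finding in its own right and should not surface as a bare runtime error.
AV_Version = ReadRegistryOrQuit(AV_VERSION_VALUE)
AS_Version = ReadRegistryOrQuit(AS_VERSION_VALUE)
EngineVersion = ReadRegistryOrQuit(ENGINE_VERSION_VALUE)
AV_BuildDate = BinaryToDate(ReadRegistryOrQuit(AV_DATE))
AS_BuildDate = BinaryToDate(ReadRegistryOrQuit(AS_DATE))
' GetProductVersion reads the install path itself; check it first so that a
' missing value produces the same clear message as the other reads.
Call ReadRegistryOrQuit(INSTALL_PATH_VALUE)
ProductVersion = GetProductVersion(INSTALL_PATH_VALUE)
LastScanTime = BinaryToDate(ReadRegistryOrQuit(LAST_SCAN_TIME))
LastScanType = GetScanType(ReadRegistryOrQuit(LAST_SCAN_TYPE))

'============ Display summary info ============
WScript.echo "Microsoft Forefront Client Security version: " & ProductVersion
WScript.echo "Engine version: " & EngineVersion
WScript.echo "Antivirus Definition: Version " & AV_Version & " created on " & AV_BuildDate
WScript.echo "Antispyware Definition: Version " & AS_Version & " created on " & AS_BuildDate
WScript.echo "Last scan: " & LastScanTime & " (" & LastScanType & ")"
'************ END MAIN ************

'===============================================================
'Function ReadRegistryOrQuit reads one registry value through objShell and
'stops the script with a clear message if the value cannot be read.
' Parameter: valuePath - full registry path of the value
' Return: the value as returned by WScript.Shell.RegRead
Function ReadRegistryOrQuit(valuePath)
    Dim data
    On Error Resume Next
    data = objShell.RegRead(valuePath)
    If Err.Number <> 0 Then
        WScript.echo "Unable to read registry value " & valuePath & ": " & Err.Description
        WScript.Quit 1
    End If
    On Error GoTo 0
    ReadRegistryOrQuit = data
End Function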
'===============================================================
'Function BinaryToDate converts an 8-byte little-endian tick count
'(100-nanosecond intervals counted from 1 January 1601) into a Variant
'date expressed in local time.
' Parameter: bArray - a VARIANT array of bytes, least significant byte first
' Return: a VARIANT date
Function BinaryToDate(bArray)
    Dim ticks, idx, ticksPerDay, utcDate, converter

    ' Sum the bytes from the most significant (index 7) down to index 0.
    ticks = 0
    For idx = 7 To 0 Step -1
        ticks = ticks + bArray(idx) * (2 ^ (8 * idx))
    Next

    ' 1E7 ticks per second times 86400 seconds per day.
    ticksPerDay = 1E7 * 86400
    utcDate = CDate(DateSerial(1601, 1, 1) + ticks / ticksPerDay)

    ' False marks the supplied date as UTC; GetVarDate then returns local time.
    Set converter = CreateObject("WbemScripting.SWbemDateTime")
    converter.SetVarDate utcDate, False
    BinaryToDate = converter.GetVarDate()
End Function
'===============================================================
'Function GetProductVersion reads the installation folder from the registry
'and returns the file version of msmpeng.exe found in that folder.
'It uses the script-level objShell object for the registry read.
' Parameter: regPath - full registry path of the value holding the installation location
' Return: a VARIANT string containing the product version
Function GetProductVersion(regPath)
    Const FILE_TO_CHECK = "\msmpeng.exe"
    Dim installDir, fso

    installDir = objShell.RegRead(regPath)

    ' The version comes from the binary on disk, not from a registry value.
    Set fso = CreateObject("Scripting.FileSystemObject")
    GetProductVersion = fso.GetFileVersion(installDir & FILE_TO_CHECK)
    Set fso = Nothing
End Function
'===============================================================
'Function GetScanType maps the numeric scan type to a display string.
' Parameter: iScanType - numeric scan type (1 or 2 are recognised)
' Return: a VARIANT string naming the scan type
' NOTE(review): any other value is reported as "Invalid Scan type" - confirm
' whether the installed product version records further scan types.
Function GetScanType(iScanType)
    Dim label
    Select Case iScanType
        Case 1
            label = "Quick Scan"
        Case 2
            label = "Full Scan"
        Case Else
            label = "Invalid Scan type"
    End Select
    GetScanType = label
End Function
C:\Program Files\ForefrontStatus\Vbs
Microsoft Forefront Client Security 版本:3.0.8107.0
引擎版本:1.1.6502.0
防病毒定义:版本 1.97.905.0 创建于 2011 年 2 月 2 日 上午 6:10:51
反间谍软件定义:版本 1.97.905.0 创建于 2011 年 2 月 2 日 上午 6:10:51
上次扫描:2011 年 2 月 2 日 上午 2:26:34(快速扫描)
答案2
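Option Explicit
' Variant of the status script that also reports the NIS engine and signature
' versions and the time of the last signature update.
'
' The page shows this listing after machine translation, which also translated
' keywords, registry names and output text. The keywords and registry names
' shared with the first listing are restored from it; the labels on the three
' NIS / last-update output lines are reconstructed in English.
' The NIS_* and last-update variables are declared here, because Option
' Explicit rejects any variable that is assigned without a Dim.
'
' Scope of the check: only registry values and one file version are read; the
' script does not tell whether the service is running or real-time protection
' is enabled.
Const FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"

Dim SCAN_KEY, SIGNATUREUPDATES_KEY
Dim AV_VERSION_VALUE, AS_VERSION_VALUE, ENGINE_VERSION_VALUE, AV_DATE, AS_DATE
Dim LAST_SCAN_TIME, LAST_SCAN_TYPE, INSTALL_PATH_VALUE
Dim NIS_ENGINE_VERSION_VALUE, NIS_SIGNATURE_VERSION_VALUE, NIS_SIGNATURE_DATE
Dim SIGNATURES_LAST_UPDATE

SCAN_KEY = FCS_REGKEY_ROOT & "\Scan"
SIGNATUREUPDATES_KEY = FCS_REGKEY_ROOT & "\Signature Updates"
INSTALL_PATH_VALUE = FCS_REGKEY_ROOT & "\InstallLocation"
AV_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\AVSignatureVersion"
AS_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\ASSignatureVersion"
ENGINE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\EngineVersion"
AV_DATE = SIGNATUREUPDATES_KEY & "\AVSignatureApplied"
AS_DATE = SIGNATUREUPDATES_KEY & "\ASSignatureApplied"
LAST_SCAN_TIME = SCAN_KEY & "\LastScanRun"
LAST_SCAN_TYPE = SCAN_KEY & "\LastScanType"
'11-11-13
NIS_ENGINE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\NISEngineVersion"
NIS_SIGNATURE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\NISSignatureVersion"
NIS_SIGNATURE_DATE = SIGNATUREUPDATES_KEY & "\NISSignatureApplied"
' NOTE(review): the value name was translated on the page; "SignaturesLastUpdated"
' is the assumed original - confirm against the registry of the target version.
SIGNATURES_LAST_UPDATE = SIGNATUREUPDATES_KEY & "\SignaturesLastUpdated"

'************ MAIN ************
Dim AV_Version, AS_Version, EngineVersion, ProductVersion
Dim AV_BuildDate, AS_BuildDate, LastScanTime, LastScanType
Dim NIS_Engine_Version, NIS_Signature_Version, NIS_BuildDate, LAST_UPDATE
Dim objShell
Set objShell = CreateObject("WScript.Shell")

'============ Get current info ============
AV_Version = objShell.RegRead(AV_VERSION_VALUE)
AS_Version = objShell.RegRead(AS_VERSION_VALUE)
EngineVersion = objShell.RegRead(ENGINE_VERSION_VALUE)
AV_BuildDate = BinaryToDate(objShell.RegRead(AV_DATE))
AS_BuildDate = BinaryToDate(objShell.RegRead(AS_DATE))
ProductVersion = GetProductVersion(INSTALL_PATH_VALUE)
LastScanTime = BinaryToDate(objShell.RegRead(LAST_SCAN_TIME))
LastScanType = GetScanType(objShell.RegRead(LAST_SCAN_TYPE))
'11-11-13
NIS_Engine_Version = objShell.RegRead(NIS_ENGINE_VERSION_VALUE)
NIS_Signature_Version = objShell.RegRead(NIS_SIGNATURE_VERSION_VALUE)
NIS_BuildDate = BinaryToDate(objShell.RegRead(NIS_SIGNATURE_DATE))
LAST_UPDATE = BinaryToDate(objShell.RegRead(SIGNATURES_LAST_UPDATE))

'============ Display summary info ============
WScript.echo "Microsoft Forefront Client Security version: " & ProductVersion
WScript.echo "Engine version: " & EngineVersion
WScript.echo "Antivirus Definition: Version " & AV_Version & " created on " & AV_BuildDate
WScript.echo "Antispyware Definition: Version " & AS_Version & " created on " & AS_BuildDate
WScript.echo "Last scan: " & LastScanTime & " (" & LastScanType & ")"
'11-11-13
WScript.echo "NIS engine: Version " & NIS_Engine_Version
WScript.echo "NIS signature: Version " & NIS_Signature_Version & " created on " & NIS_BuildDate
WScript.echo "Last update: " & LAST_UPDATE
'************ END MAIN ************

'===============================================================
'Function BinaryToDate converts an 8-byte little-endian tick count
'(100-nanosecond intervals counted from 1 January 1601) into a Variant
'date expressed in local time.
' Parameter: bArray - a VARIANT array of bytes
' Return: a VARIANT date
Function BinaryToDate(bArray)
    Dim Seconds, Days, dateTime
    Set dateTime = CreateObject("WbemScripting.SWbemDateTime")
    Seconds = bArray(7)*(2^56) + bArray(6)*(2^48) + bArray(5)*(2^40) + bArray(4)*(2^32) _
        + bArray(3)*(2^24) + bArray(2)*(2^16) + bArray(1)*(2^8) + bArray(0)
    Days = Seconds/(1E7*86400)
    ' False marks the supplied date as UTC; GetVarDate then returns local time.
    dateTime.SetVarDate CDate(DateSerial(1601, 1, 1) + Days), False
    BinaryToDate = dateTime.GetVarDate()
End Function

'===============================================================
'Function GetProductVersion reads the installation folder from the registry
'and returns the file version of msmpeng.exe found in that folder.
' Parameter: regPath - full registry path of the value holding the installation location
' Return: a VARIANT string containing the product version
Function GetProductVersion(regPath)
    Const FILE_TO_CHECK = "\msmpeng.exe"
    Dim strFilePath, objFSO
    strFilePath = objShell.RegRead(regPath) & FILE_TO_CHECK
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    GetProductVersion = objFSO.GetFileVersion(strFilePath)
    Set objFSO = Nothing
End Function

'===============================================================
'Function GetScanType maps the numeric scan type to a display string.
' Parameter: iScanType - numeric scan type
' Return: a VARIANT string naming the scan type
Function GetScanType(iScanType)
    Select Case iScanType
        Case 1 : GetScanType = "Quick Scan"
        Case 2 : GetScanType = "Full Scan"
        Case Else GetScanType = "Invalid Scan type"
    End Select
End Function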