Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Antivirus Software WMI

84 views
Skip to first unread message

Jacob Hodges

unread,
Jul 18, 2005, 7:21:39 AM7/18/05
to
Hi,
I am trying to write a WMI script to query remote windows 2000 sp2 machines
for antivirus information. What i need is what version they have, their
parent server and the defs they have.

Because I am using win2k i can't use something like this:

strComputer = "." 'Can set to remote machine.

On Error Resume Next
Set oWMI = GetObject _
("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer _
& "\root\SecurityCenter")

Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

Now I am assuming the Symantec would have written a WMI provider for windows
security center. Does anyone know how to get access to this? Or know of
getting this information from somewhere.

Thanks,
Jacob


David H. Lipman

unread,
Jul 18, 2005, 11:19:04 AM7/18/05
to
From: "Jacob Hodges" <ju...@hfws.net.no-spam>


It does...

"To obtain the Norton WMI update for Norton 2002/2003/2004 security products..."

http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2004081709433813


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Jacob Hodges

unread,
Jul 18, 2005, 9:30:00 PM7/18/05
to
No, that isn't what I ment. How can i access Symantecs provider form WMI,
not download it. I mean is there something like \root\Symantec or something
like that? I just need a simple way to get the version of antivirus
installed, the defs, and the parent server. A lot of this information can be
gathered from
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion and
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs. The trouble is that to get
everything i need i need to do something like what i have below, is there a
faster way to do this?

Option Explicit
On Error Resume Next

Const HKEY_LOCAL_MACHINE = &H80000002
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Const ForReading = 1, ForWriting = 2

Const ADContainer = "ou=brisbane forest park,ou=central office"

Dim objOU, objComputer, objWMIService, colItems, objItem, strComputer

Dim objFSO, objFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("c:\" & ADContainer & ".txt", ForWriting,
True)


'Set objOU = GetObject("LDAP://ou=computers," & ADContainer &
",dc=prod,dc=ad,dc=internal")
objOU = Array("CN=Microwave")

For Each objComputer in objOU
Wscript.Echo objCOmputer.Name

'We will get a list of computers that look something like CN=4CRND1S we
will need to split this string
strComputer = Split(objComputer.Name, "=")

'We have the computername lets try to do an WMI query
Dim objReg, strKeyPath, strEntryName, strValue, strOutput,
strEntryName1,strDefs

strOutput = ADContainer & "," & strComputer(1) & ","

Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &
strComputer(1) & "\root\default:StdRegProv")

'set the path to the key we want
strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion"
strEntryname = "Parent"

objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strEntryName,
strValue

'add the parent server to the output sting
strOutput = strOutput & strValue & ","

'set the path to the key we want for the Definitions
strKeyPath = "SOFTWARE\Symantec\SharedDefs"
strEntryname = "NAVCORP_70"


objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strEntryName,
strValue

strDefs = Split(strValue, "\")
strOutput = strOutput & strDefs(5) & ","

'******************************************************************************** 'Now lets get the product version Set objWMIService = GetObject("winmgmts:\\" & strComputer(1) &"\root\CIMV2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Product WHEREName='Symantec Antivirus'", "WQL", _ wbemFlagReturnImmediately + wbemFlagForwardOnly) For Each objItem In colItems strOutput = strOutput & objItem.Version Next objFile.WriteLine strOutput Wscript.Echo strOutputNext'close the text fileobjFile.Close"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in messagenews:OGG6Jw6i...@TK2MSFTNGP12.phx.gbl...> From: "Jacob Hodges" <ju...@hfws.net.no-spam>>> | Hi,> | I am trying to write a WMI script to query remote windows 2000 sp2machines> | for antivirus information. What i need is what version they have, their> | parent server and the defs they have.> |> | Because I am using win2k i can't use something like this:> |> | strComputer = "." 'Can set to remote machine.> |> | On Error Resume Next> | Set oWMI = GetObject _> | ("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer _> | & "\root\SecurityCenter")> |> | Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")> |> | Now I am assuming the Symantec would have written a WMI provider forwindows> | security center. Does anyone know how to get access to this? Or know of> | getting this information from somewhere.> |> | Thanks,> | Jacob> |>>> It does...>> "To obtain the Norton WMI update for Norton 2002/2003/2004 securityproducts...">>http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2004081709433813>>> --> Dave> http://www.claymania.com/removal-trojan-adware.html> http://www.ik-cs.com/got-a-virus.htm>>

Mike Wiseman

unread,
Jul 20, 2005, 2:26:50 PM7/20/05
to
On Windows XP SP2, I use wmic to do this:

wmic /NAMESPACE:\\root\SecurityCenter PATH AntiVirusProduct

I don't think you can do this with win2K since SecurityCenter is an XP SP2
feature.

Mike


"Jacob Hodges" <ju...@hfws.net.no-spam> wrote in message
news:uEwciFAj...@TK2MSFTNGP10.phx.gbl...

0 new messages