Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Security centre though wmi

14 views
Skip to first unread message

Spacen Jasset

unread,
May 18, 2005, 8:39:46 AM5/18/05
to
I am trying to determine the status of anti-virus products and firewalls
using WMI. I was hoping that the security centre istself had a WMI or is
the case that the firewall software itself have wmi providers but the
security centre must be quiried though a com interface?

Any pointer on this, I can't seem to find the information.

Torgeir Bakken (MVP)

unread,
May 18, 2005, 9:38:34 AM5/18/05
to
Spacen Jasset wrote:

Hi,

If I run the script below on a computer that have the latest version
of Symantec Client Firewall (corporate edition) installed, I get this
output:

Company Name : Symantec Corporation
Display Name : Symantec Client Firewall
Enabled : True
enableUIParameters :
pathToEnableUI :
versionNumber : 8.6.0.80


On a WinXP SP2 computer with only the builtin firewall available,
I get nothing returned...


'--------------------8<----------------------
strComputer = "." 'Can set to remote machine.

Set oWMI = GetObject _
("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer _
& "\root\SecurityCenter")

Set colFirewall = objSWbemServices.ExecQuery _
("Select * From FirewallProduct")

For Each objFirewall In colFirewall
Wscript.Echo("Company Name : " & objFirewall.companyName)
Wscript.Echo("Display Name : " & objFirewall.displayName)
Wscript.Echo("Enabled : " & objFirewall.enabled)
Wscript.Echo("enableUIParameters : " & objFirewall.enableUIParameters)
Wscript.Echo("pathToEnableUI : " & objFirewall.pathToEnableUI)
wscript.Echo("versionNumber : " & objFirewall.versionNumber)
Next

'--------------------8<----------------------

The output of the script below when having Symantec's
SAV CE 9.0.3 installed:

companyName: Symantec Corporation
displayName: Symantec AntiVirus Corporate Edition
enableOnAccessUIMd5Hash:
enableOnAccessUIParameters:
instanceGuid: {FB06448E-52B8-493A-90F3-E43226D3305C}
onAccessScanningEnabled: True
pathToEnableOnAccessUI:
pathToUpdateUI:
productUptoDate: True
updateUIMd5Hash:
updateUIParameters:
versionNumber: 9.0.3.1000

'--------------------8<----------------------
strComputer = "." 'Can set to remote machine.

On Error Resume Next
Set oWMI = GetObject _
("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer _
& "\root\SecurityCenter")

Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

If Err = 0 Then
For Each objAntiVirusProduct In colItems
WScript.Echo "companyName: " & objAntiVirusProduct.companyName
WScript.Echo "displayName: " & objAntiVirusProduct.displayName
WScript.Echo "enableOnAccessUIMd5Hash: " _
& objAntiVirusProduct.enableOnAccessUIMd5Hash
WScript.Echo "enableOnAccessUIParameters: " _
& objAntiVirusProduct.enableOnAccessUIParameters
WScript.Echo "instanceGuid: " & objAntiVirusProduct.instanceGuid
WScript.Echo "onAccessScanningEnabled: " _
& objAntiVirusProduct.onAccessScanningEnabled
WScript.Echo "pathToEnableOnAccessUI: " _
& objAntiVirusProduct.pathToEnableOnAccessUI
WScript.Echo "pathToUpdateUI: " & objAntiVirusProduct.pathToUpdateUI
WScript.Echo "productUptoDate: " & objAntiVirusProduct.productUptoDate
WScript.Echo "updateUIMd5Hash: " & objAntiVirusProduct.updateUIMd5Hash
WScript.Echo "updateUIParameters: " _
& objAntiVirusProduct.updateUIParameters
WScript.Echo "versionNumber: " & objAntiVirusProduct.versionNumber
Next
Else
Err.Clear
WScript.Echo "Unable to connect to SecurityCenter class on " _
& strComputer & "."
WScript.Echo " Error Number:" & Err.Number
WScript.Echo " Source:" & Err.Source
WScript.Echo " Description:" & Err.Description
End If

'--------------------8<----------------------

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Spacen Jasset

unread,
May 18, 2005, 12:54:22 PM5/18/05
to
Torgeir Bakken (MVP) wrote:

...

> Hi,
>
> If I run the script below on a computer that have the latest version
> of Symantec Client Firewall (corporate edition) installed, I get this
> output:
>
> Company Name : Symantec Corporation
> Display Name : Symantec Client Firewall
> Enabled : True
> enableUIParameters :
> pathToEnableUI :
> versionNumber : 8.6.0.80
>
>
> On a WinXP SP2 computer with only the builtin firewall available,
> I get nothing returned...
>

...

Thanks Torgeir, I just found a similar script after looking around a bit
longer. It doesn't tell you if the windows firewall is enabled or not.
But that information can be gotten though the the firewall com object I
think.

It's a pitty there isn't a security centre wmi or com object that could
provide this information. Or is there one?

Joao Magalhaes

unread,
Apr 25, 2006, 12:18:47 PM4/25/06
to
was able to run this script in Windows XP SP2. However, It did not work in
Windows 2003 SP1. Is there a way to make it work under this platform?

Thanks in advance

0 new messages