How to detect antivirus installed on Windows 2003 Server and 2008 Server, 2003 Server R2 and 2008 Server R2 using WMI or other than WMI in C++


Problem description


I have used WMI to detect whether an antivirus is present on the OS. It's working fine and displays information about the antivirus, like name and instance ID, on Win XP and Windows 7 by using Namespace: \root\SecurityCenter and \root\SecurityCenter, \root\Security.

if (isHLOSVersion())
    hres = pLoc->ConnectServer(
        _bstr_t(L"root\\SecurityCenter2"), // Object path of SecurityCenter
        NULL,    // User name. NULL = current user
        NULL,    // User password. NULL = current
        0,       // Locale. NULL indicates current
        NULL,    // Security flags.
        0,       // Authority (e.g. Kerberos)
        0,       // Context object
        &pSvc    // pointer to IWbemServices proxy
        );
else
    hres = pLoc->ConnectServer(
        _bstr_t(L"root\\SecurityCenter"),  // Object path of SecurityCenter
        NULL,    // User name. NULL = current user
        NULL,    // User password. NULL = current
        0,       // Locale. NULL indicates current
        NULL,    // Security flags.
        0,       // Authority (e.g. Kerberos)
        0,       // Context object
        &pSvc    // pointer to IWbemServices proxy
        );

But in the case of Windows 2003 Server, 2008 Server, 2003 Server R2 and 2008 Server R2, the above namespaces are not present, so this is not working there.

Please let me know how we can detect whether an antivirus is present or not on the Windows 2003 Server, 2008 Server, 2003 Server R2 and 2008 Server R2 operating systems.

Solution

That namespace is not available on Windows Server platforms and I think it might be deprecated for Workstation (i.e. going away).

You can probably use WscGetSecurityProviderHealth() to get the same result.

See http://msdn.microsoft.com/en-us/library/bb432506.aspx

Here's my trivial sample that seems to work:

#define _WIN32_WINNT _WIN32_WINNT_WIN7
#include <Windows.h>
#include <Wscapi.h>
#include <iostream>

#pragma comment(lib, "Wscapi")


int main(int argc, char* argv[])
{
   WSC_SECURITY_PROVIDER_HEALTH health;
   const DWORD dwAntivirus(WSC_SECURITY_PROVIDER_ANTIVIRUS);

   HRESULT hr = WscGetSecurityProviderHealth(dwAntivirus, &health);
   if (FAILED(hr))
   {
      std::cerr << "Error " << std::hex 
                << std::showbase << hr << "\n";
      return -1;
   }
   switch (health)
   {
      case WSC_SECURITY_PROVIDER_HEALTH_GOOD:
         std::cout << "Antivirus health is good\n";
         return 0;
      case WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED:
         std::cout << "Antivirus health is not monitored\n";
         return 1;
      case WSC_SECURITY_PROVIDER_HEALTH_POOR:
         std::cout << "Antivirus health is poor\n";
         return 2;
      case WSC_SECURITY_PROVIDER_HEALTH_SNOOZE:
         std::cout << "Antivirus health is snooze\n";
         return 3;
      default:
         std::cout << "Unexpected antivirus health value: "
                   << std::hex << std::showbase 
                   << health << "\n";
         return 4;
   }
}

Update 9 Dec 2012

Alex points out (below) that this does not work on Windows Server, only on Workstation versions of Windows. On reflection, it occurs to me that it is probably deliberate and, in fact, probably for the best.

Do application programs really need to know the status of a server? Most security programs for servers have mechanisms to set alarms when they fail. An admin will monitor those alarms and fix what is broken. Application programs should simply behave as if security is fully operational.

If you really must know about a particular program, you can look for its exe name amongst the processes and see if the process is running and is consuming CPU (not hung). Beyond that you might need to work with the security program's vendor: they may have an API to query the program.
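The process check suggested in the last paragraph of the answer, as an added example that is not part of the original answer: it finds a process by exe name and compares two CPU-time samples taken five seconds apart. The executable name `exampleav.exe` and the names `Sample`, `Classify`, `SameExe` and `Take` are hypothetical; the Windows-specific part is guarded so the decision logic also compiles elsewhere.

```cpp
// Added example, not from the original answer; exampleav.exe is a hypothetical name.
#include <cstdint>
#include <cwctype>
#include <string>

struct Sample { bool present; bool readable; uint64_t cpu100ns; };
enum class AvState { NotRunning, Unknown, Idle, Active };

// Compare two samples taken a few seconds apart. CPU time that has not moved
// means idle or hung; the process list alone cannot tell those apart.
AvState Classify(const Sample& a, const Sample& b) {
    if (!a.present || !b.present) return AvState::NotRunning;
    if (!a.readable || !b.readable) return AvState::Unknown;  // e.g. access denied
    return b.cpu100ns > a.cpu100ns ? AvState::Active : AvState::Idle;
}

// Windows image names are case-insensitive.
bool SameExe(const std::wstring& x, const std::wstring& y) {
    if (x.size() != y.size()) return false;
    for (size_t i = 0; i < x.size(); ++i)
        if (std::towlower(x[i]) != std::towlower(y[i])) return false;
    return true;
}

#ifdef _WIN32
#include <Windows.h>
#include <TlHelp32.h>
static uint64_t U64(const FILETIME& f) { return (uint64_t(f.dwHighDateTime) << 32) | f.dwLowDateTime; }

// Sample the first process whose image name matches exe.
Sample Take(const std::wstring& exe) {
    Sample s = { false, false, 0 };
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return s;
    PROCESSENTRY32W pe = { sizeof(pe) };
    for (BOOL ok = Process32FirstW(snap, &pe); ok && !s.present; ok = Process32NextW(snap, &pe)) {
        if (!SameExe(pe.szExeFile, exe)) continue;
        s.present = true;
        HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe.th32ProcessID);
        FILETIME c, e, k, u;  // creation, exit, kernel, user
        if (h && GetProcessTimes(h, &c, &e, &k, &u)) { s.readable = true; s.cpu100ns = U64(k) + U64(u); }
        if (h) CloseHandle(h);
    }
    CloseHandle(snap);
    return s;
}

int main() {
    const std::wstring exe = L"exampleav.exe";  // hypothetical name
    Sample a = Take(exe); Sleep(5000); Sample b = Take(exe);
    return static_cast<int>(Classify(a, b));  // 0 absent, 1 unknown, 2 idle, 3 active
}
#endif
```

An `Unknown` result means the process exists but could not be opened for querying, which should be reported separately from "not running" rather than treated as a failure of the security product.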
