Re: Security centre though wmi

Spacen Jasset wrote:

I am trying to determine the status of anti-virus products and firewalls using WMI. I was hoping that the security centre istself had a WMI or is the case that the firewall software itself have wmi providers but the security centre must be quiried though a com interface?

Any pointer on this, I can't seem to find the information. 
Hi,

If I run the script below on a computer that have the latest version
of Symantec Client Firewall (corporate edition) installed, I get this
output:

Company Name       : Symantec Corporation
Display Name       : Symantec Client Firewall
Enabled            : True
enableUIParameters :
pathToEnableUI     :
versionNumber      : 8.6.0.80


On a WinXP SP2 computer with only the builtin firewall available,
I get nothing returned...


'--------------------8<----------------------
strComputer = "." 'Can set to remote machine.

Set oWMI = GetObject _
     ("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer _
    & "\root\SecurityCenter")

Set colFirewall = objSWbemServices.ExecQuery _
     ("Select * From FirewallProduct")

For Each objFirewall In colFirewall
  Wscript.Echo("Company Name       : " & objFirewall.companyName)
  Wscript.Echo("Display Name       : " & objFirewall.displayName)
  Wscript.Echo("Enabled            : " & objFirewall.enabled)
  Wscript.Echo("enableUIParameters : " & objFirewall.enableUIParameters)
  Wscript.Echo("pathToEnableUI     : " & objFirewall.pathToEnableUI)
  wscript.Echo("versionNumber      : " & objFirewall.versionNumber)
Next

'--------------------8<----------------------



The output of the script below when having Symantec's
SAV CE 9.0.3 installed:

companyName: Symantec Corporation
displayName: Symantec AntiVirus Corporate Edition
enableOnAccessUIMd5Hash:
enableOnAccessUIParameters:
instanceGuid: {FB06448E-52B8-493A-90F3-E43226D3305C}
onAccessScanningEnabled: True
pathToEnableOnAccessUI:
pathToUpdateUI:
productUptoDate: True
updateUIMd5Hash:
updateUIParameters:
versionNumber: 9.0.3.1000



'--------------------8<----------------------
strComputer = "." 'Can set to remote machine.

On Error Resume Next
Set oWMI = GetObject _
     ("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer _
    & "\root\SecurityCenter")

Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

If Err = 0 Then
  For Each objAntiVirusProduct In colItems
    WScript.Echo "companyName: " & objAntiVirusProduct.companyName
    WScript.Echo "displayName: " & objAntiVirusProduct.displayName
    WScript.Echo "enableOnAccessUIMd5Hash: " _
        & objAntiVirusProduct.enableOnAccessUIMd5Hash
    WScript.Echo "enableOnAccessUIParameters: " _
        & objAntiVirusProduct.enableOnAccessUIParameters
    WScript.Echo "instanceGuid: " & objAntiVirusProduct.instanceGuid
    WScript.Echo "onAccessScanningEnabled: " _
        & objAntiVirusProduct.onAccessScanningEnabled
    WScript.Echo "pathToEnableOnAccessUI: " _
        & objAntiVirusProduct.pathToEnableOnAccessUI
    WScript.Echo "pathToUpdateUI: " & objAntiVirusProduct.pathToUpdateUI
    WScript.Echo "productUptoDate: " & objAntiVirusProduct.productUptoDate
    WScript.Echo "updateUIMd5Hash: " & objAntiVirusProduct.updateUIMd5Hash
    WScript.Echo "updateUIParameters: " _
        & objAntiVirusProduct.updateUIParameters
    WScript.Echo "versionNumber: " & objAntiVirusProduct.versionNumber
  Next
Else
  Err.Clear
  WScript.Echo "Unable to connect to SecurityCenter class on " _
      & strComputer & "."
  WScript.Echo " Error Number:" & Err.Number
  WScript.Echo " Source:" & Err.Source
  WScript.Echo " Description:" & Err.Description
End If

'--------------------8<----------------------



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
.

Relevant Pages

  • Re: WMI Reference
    ... You will be writing a complex custom application / script for that. ... A good way to get used to what Wmi is and the way it works is to use ... be detected by Sms, etc. ... Scriptomatic tool from the scripting tech center. ...
    (microsoft.public.sms.admin)
  • Re: 2 questions: uptime and last logged on users
    ... > For your computer uptime question: ... > ' Converts WMI Date and Time Format to standard date/time ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.win32.programmer.wmi)
  • Re: security center
    ... but you can query the PC's via WMI (Windows Management Instrumentation) scripting. ... The below script is for the local computer, and would need to be modified to determine all PC's on your network/domain and then query each computer individually and report when there is a problem. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Copying and running processes on remote machines
    ... WMI Scripting Primer: Part 1 ... Managing Windows Registry with Scripting ...
    (microsoft.public.win32.programmer.wmi)
  • Re: Online Test
    ... Using ping seem to be a rather crude way. ... > Almost any method for communicating with a remote computer is going to have ... > WMI script to determine that a system is not there. ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.scripting.vbscript)
Loading