Detect Antivirus on Windows using C#
Original: http://stackoverflow.com/questions/1331887/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by Angel.King.47
Is there a way to detect whether there is an antivirus software installed in a machine using C#? I know the Security Center detects antivirus software but how can you detect that in C#?
Accepted answer by RRUZ
According to Microsoft, the Windows Security Center uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through Windows Management Instrumentation (WMI). In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software. In WMI mode, software manufacturers determine their own product status and report that status back to Windows Security Center through a WMI provider. In both modes, Windows Security Center tries to determine whether the following is true:
An antivirus program is present.
The antivirus signatures are up-to-date.
Real-time scanning or on-access scanning is turned on for antivirus programs.
For firewalls, Windows Security Center detects whether a third-party firewall is installed and whether the firewall is turned on or not.
So in order to determine the presence of an antivirus software, you can use the WMI making a connection to the root\SecurityCenter namespace (starting with Windows Vista you must use the root\SecurityCenter2 namespace), and then query for the AntiVirusProduct WMI class.
Look at this sample code
    using System;
    using System.Text;
    using System.Management; // requires a reference to System.Management

    namespace ConsoleApplication1
    {
        class Program
        {
            public static bool AntivirusInstalled()
            {
                // root\SecurityCenter is the pre-Vista namespace; on Vista and later use root\SecurityCenter2.
                string wmipathstr = @"\\" + Environment.MachineName + @"\root\SecurityCenter";
                try
                {
                    ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipathstr, "SELECT * FROM AntivirusProduct");
                    ManagementObjectCollection instances = searcher.Get();
                    // At least one registered AntivirusProduct instance means a product is present.
                    return instances.Count > 0;
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }
                return false;
            }

            public static void Main(string[] args)
            {
                bool returnCode = AntivirusInstalled();
                Console.WriteLine("Antivirus Installed " + returnCode.ToString());
                Console.WriteLine();
                Console.Read();
            }
        }
    }
Answer by jeff
The WMI query changes slightly in Vista SP2 and beyond.
Try this part \root\SecurityCenter2 instead of \root\SecurityCenter
The results are slightly different as well. You can still get the display name, but you'll need to do a bit of bit masking for the ProductState field to determine if the onAccessScanner is enabled / disabled and the upToDate kind of information.
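The bit masking mentioned in the answer above, shown as an added example that is not part of the original answers. Microsoft does not publish the productState layout, so the two masks below are an assumption based on the commonly reported interpretation; the class name, the Describe helper and the sample values are constructed for illustration.

```csharp
using System;
using System.Management; // add a reference to System.Management

static class AvProductState
{
    // ASSUMPTION: undocumented layout, taken from the commonly reported
    // interpretation. Verify against the products you actually deploy.
    const uint ScannerMask = 0xF000;   // 0x0000 off, 0x1000 on, 0x2000 snoozed, 0x3000 expired
    const uint SignatureMask = 0x00F0; // 0x00 up to date, 0x10 out of date

    public static string Describe(uint productState)
    {
        string scanner;
        switch (productState & ScannerMask)
        {
            case 0x0000: scanner = "off"; break;
            case 0x1000: scanner = "on"; break;
            case 0x2000: scanner = "snoozed"; break;
            case 0x3000: scanner = "expired"; break;
            default: scanner = "unknown"; break;
        }
        string signatures = (productState & SignatureMask) == 0 ? "up to date" : "out of date";
        return $"0x{productState:X6}: scanner {scanner}, signatures {signatures}";
    }

    static void Main()
    {
        // Constructed sample values, so the decoder can be exercised without WMI.
        foreach (uint sample in new uint[] { 0x061100, 0x061110, 0x060100, 0x041000 })
            Console.WriteLine("sample " + Describe(sample));

        try
        {
            // Live query against the Vista-and-later namespace named on this page.
            using (var searcher = new ManagementObjectSearcher(
                @"root\SecurityCenter2", "SELECT displayName, productState FROM AntiVirusProduct"))
            foreach (ManagementObject product in searcher.Get())
                Console.WriteLine(product["displayName"] + " " +
                    Describe(Convert.ToUInt32(product["productState"])));
        }
        catch (Exception e) // namespace missing, access denied, or not running on Windows
        {
            Console.WriteLine("WMI query failed: " + e.Message);
        }
    }
}
```

For endpoint posture checks, treat a missing namespace or an empty result as "unknown" rather than "no antivirus", since the query only sees products that registered with Security Center.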
Answer by Amir Saniyan
Open C:\Windows\System32\wbem\wscenter.mof with Notepad. It helps you see which namespaces and classes exist:
C# Query:
    // Requires: using System.Management;
    // The same namespace exposes three classes that can be queried the same way:
    // SELECT * FROM AntiVirusProduct
    // SELECT * FROM FirewallProduct
    // SELECT * FROM AntiSpywareProduct
    ManagementObjectSearcher wmiData = new ManagementObjectSearcher(@"root\SecurityCenter2", "SELECT * FROM AntiVirusProduct");
    ManagementObjectCollection data = wmiData.Get();
    foreach (ManagementObject virusChecker in data)
    {
        // displayName is the product name registered with Security Center.
        var virusCheckerName = virusChecker["displayName"];
    }
wscenter.mof:
#pragma autorecover
#pragma classflags(64)
#pragma namespace("\\.\root")
[NamespaceSecuritySDDL("O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:(A;CI;0x1;;;BU)(A;CI;0x1;;;BA)(A;CI;0x1;;;NS)(A;CI;0x1;;;LS)(A;CI;0x1;;;AU)(A;CI;0x6001D;;;S-1-5-80-3232712927-1625117661-2590453128-1738570065-3637376297)")]
Instance of __namespace
{
    Name = "SecurityCenter";
};
[NamespaceSecuritySDDL("O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:(A;CI;0x1;;;BU)(A;CI;0x1;;;BA)(A;CI;0x1;;;NS)(A;CI;0x1;;;LS)(A;CI;0x1;;;AU)(A;CI;0x6001D;;;S-1-5-80-3232712927-1625117661-2590453128-1738570065-3637376297)")]
Instance of __namespace
{
    Name = "SecurityCenter2";
};
#pragma namespace("\\.\root\SecurityCenter")
class AntiVirusProduct
{
    [key,Not_Null] string instanceGuid;
    [Not_Null] string displayName;
    [Not_Null] boolean productUptoDate;
    boolean onAccessScanningEnabled;
    boolean productHasNotifiedUser;
    boolean productWantsWscNotifications;
    uint8 productState;
    string companyName;
    string versionNumber;
    string pathToSignedProductExe;
};
class FirewallProduct
{
    [key,Not_Null] string instanceGuid;
    [Not_Null] string displayName;
    boolean enabled;
    boolean productHasNotifiedUser;
    boolean productWantsWscNotifications;
    uint8 productState;
    string companyName;
    string versionNumber;
    string pathToSignedProductExe;
};
class AntiSpywareProduct
{
    [key,Not_Null] string instanceGuid;
    [Not_Null] string displayName;
    [Not_Null] boolean productUptoDate;
    boolean productEnabled;
    boolean productHasNotifiedUser;
    boolean productWantsWscNotifications;
    uint8 productState;
    string companyName;
    string versionNumber;
    string pathToSignedProductExe;
};
#pragma namespace("\\.\root\SecurityCenter2")
class AntiVirusProduct
{
    [key,Not_Null] string instanceGuid;
    [Not_Null] string displayName;
    [Not_Null] string pathToSignedProductExe;
    [Not_Null] string pathToSignedReportingExe;
    [Not_Null] uint32 productState;
    string timestamp;
};
class FirewallProduct
{
    [key,Not_Null] string instanceGuid;
    [Not_Null] string displayName;
    [Not_Null] string pathToSignedProductExe;
    [Not_Null] string pathToSignedReportingExe;
    [Not_Null] uint32 productState;
    string timestamp;
};
class AntiSpywareProduct
{
    [key,Not_Null] string instanceGuid;
    [Not_Null] string displayName;
    [Not_Null] string pathToSignedProductExe;
    [Not_Null] string pathToSignedReportingExe;
    [Not_Null] uint32 productState;
    string timestamp;
};
#pragma autorecover