I'm attempting to gather AV state data (provider, scanning status, whether the definition file is up to date) on Windows 2008 R2. With Windows XP SP3, Vista, and Windows 7, this was able to be done by querying the WMI namespace /root/SecurityCenter and /root/SecurityCenter2.
However, it appears Microsoft may have deprecated 'Windows Security Center' in Win2k8r2, which provided the mechanism to get this information. Another Stack Overflow response suggests using the Wscapi, but this also isn't included in Win2k8r2.
Does anyone know of a mechanism that can be used to query the AV state data for win2k8r2? Thank you.
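The WMI query the question describes, as an added PowerShell example that is not part of the original post. The function name is hypothetical, and the `productState` bit masks are a commonly observed but undocumented convention, treated here as an assumption.

```powershell
# Added example (not from the original post). Probes both Security Center
# namespaces and reports cleanly when neither exists, which is the situation
# the question describes on Windows 2008 R2. Written to run on PowerShell 2.0.
function Get-AvStateFromWmi {                      # hypothetical helper name
    param([string]$ComputerName = '.')

    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        try {
            $products = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct `
                          -ComputerName $ComputerName -ErrorAction Stop)
        } catch {
            # Namespace or class is missing on this host; try the next one.
            Write-Verbose "$ns unavailable: $($_.Exception.Message)"
            continue
        }

        foreach ($p in $products) {
            if ($ns -eq 'root\SecurityCenter2') {
                # ASSUMPTION: productState is undocumented. By common convention
                # 0x1000 set = real-time scanning on, 0x0010 set = definitions stale.
                $state    = [int]$p.productState
                $scanning = ($state -band 0x1000) -ne 0
                $current  = ($state -band 0x0010) -eq 0
            } else {
                # The legacy namespace exposes these as explicit booleans.
                $scanning = [bool]$p.onAccessScanningEnabled
                $current  = [bool]$p.productUptoDate
            }
            New-Object PSObject -Property @{
                Namespace           = $ns
                Provider            = $p.displayName
                ScanningEnabled     = $scanning
                DefinitionsUpToDate = $current
            }
        }
        return   # this namespace answered; do not double-report from the other
    }

    Write-Warning "No Security Center WMI namespace on $ComputerName; AV state must come from another source."
}

Get-AvStateFromWmi -Verbose
```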
Yes. OESIS Framework exposes a library, OESIS Local, which returns the following information from the installed AV, relevant to up-to-date status:
- Vendor Name
- Product Name
- Product/Engine Version
- Is Product Authentic
- Definition Signature
- Definition Time
- Definition Version
OESIS Framework also includes a data feed, OESIS Monitor, which returns the following information, in real-time, from AV vendors:
- Vendor Name
- Engine Version
- Definition Date (current and up to previous 20)
- Definition Signature (current and up to previous 20)
- Definition Version (current and up to previous 20)
- Time Stamp for each of the above (and up to the previous 20)
Used together, AV up-to-date status can be determined, including how far behind the AV vendor’s current, if at all, the installed AV is.
With respect to scanning status, OESIS Local returns:
- Is Full System Scan In Progress
- Last Full System Scan Time