Is there a way to detect whether there is an antivirus software installed in a machine using C#? I know the Security Center detects antivirus software but how can you detect that in C#?
A link would be sufficient. :D
Thanks
I hate microsoft and licence agreements :(... thanks for the link i will try it and post if correct :D
Shahmir Javaid
2009-08-26 02:02:15
+12
A:
Hi,
Windows security center recognizes various antivirus softwares installed on your PC, see the following explanations:
Windows Security Center uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through Windows Management Instrumentation (WMI). In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software. In WMI mode, software manufacturers determine their own product status and report that status back to Windows Security Center through a WMI provider. In both modes, Windows Security Center tries to determine whether the following is true:
An antivirus program is present.
The antivirus signatures are up-to-date.
Real-time scanning or on-access scanning is turned on for antivirus programs.
For firewalls, Windows Security Center detects whether a third-party firewall is installed and whether the firewall is turned on or not.
You should be able to query for the WMI provider. You need connect to the "root\SecurityCenter" root in WMI, and then query for the AntiVirusProduct class.
look at this code I wrote
using System;
using System.Text;
using System.Management;
namespace ConsoleApplication1
{
class Program
{
public static bool AntivirusInstalled()
{
string wmipathstr = @"\\" + Environment.MachineName + @"\root\SecurityCenter";
try
{
ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipathstr, "SELECT * FROM AntivirusProduct");
ManagementObjectCollection instances = searcher.Get();
return instances.Count > 0;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
return false;
}
public static void Main(string[] args)
{
bool returnCode = AntivirusInstalled();
Console.WriteLine("Antivirus Installed " + returnCode.ToString());
Console.WriteLine();
Console.Read();
}
}
}
Bye.
RRUZ
2009-08-26 01:34:10
Thanks :D it worked.. now im going to test it with an antivirus installed :D
Shahmir Javaid
2009-08-26 02:31:11
A:
This does not appear to work on vista - they no longer support writing directly to the root\securitycenter WMI namespace.
Any solution that works on XP and Vista?
Carl
2009-10-30 18:51:47
A:
Hi, WMI provider doesn't work for Windows Vista or Windows 7. Any other idea?
Babi
2010-05-19 17:19:55
A:
OESIS Framework is a uniform interface in C++ with COM/Java wrappers (C# sample available) to detect AV and other security apps (firewalls, anti-phishing, hard disk encryption, back-up, hypervisors etc. running on Windows (9x through Windows 7), Macintosh, Linux and Mobile operating systems. It is described at http://www.opswat.com/products/oesis-frameworkae
punahou1980
2010-08-11 17:41:35
A:
The WMI query changes slightly in Vista SP2 and beyond.
Try this part \root\SecurityCenter2 instead of \root\SecurityCenter
The results are slightly different as well. You can still get the display name, but you'll need to do a bit of bit masking for the ProductState field to determine if the onAccessScanner is enabled / disabled and the upToDate kind of information.
jeff
2010-10-09 22:23:56