7 replies to this topic

[DarkPhoeniX]

i found this http://www.robvander.../secstat_xp.txt
Is there something like it for windows 7?

[sbaeder]

Interesting script...Looks like the basic tools are all here (i.e. WMIC and REG), you would just have to update it...I didn't know that all this stuff was in the WMI space, and using a tool like WMI Explorer (http://www.ks-soft.n...g/wmi/index.htm) you can search around. For example, the security settings are now inside "rootSecurityCenter2", but even making that small tweak didn't help much, and I gave up ...

But looks like it should be do-able!

[AceInfinity]

I'm sure I could go through this and have one similar working for Windows 7 but it would take some investigation. First step obviously as i'm sure you've both recognized is to change one of the first lines to this:

VER | FIND "6.1" > NUL || GOTO Syntax

The same registry value on my computer for Windows Updates does exist, but I never really looked through the full code in detail. Quite interesting though.

[DarkPhoeniX]

I just changed :

::VER | FIND "XP" >NUL || GOTO Syntax

dose the same thing....

i think what we need is the /namespace in this line:

FOR /F "tokens=*" %%A IN ('WMIC.EXE /Node:"%Computer%" /Namespace:rootSecurityCenter2 Path AntiVirusProduct Get companyName^,displayName^,onAccessScanningEnabled^,productUptoDate^,versionNumber /Format:List ^| FIND "="') DO SET %%A

when it comes to WMIC.exe I'm baffled

i cannot find the rootSecurityCenter2 with wmiexplorer as-well

[sbaeder]

Use the menu under Action to "connect" to a host or namespace. Then in the pop-up, use the little "book" next to the "namespace" to browse the namespace, and it starts a "root"...



I agree that I am also "baffled" by all of this (more like overwhelmed) when I started poking around in WMI...But at least you can start to "poke around in it, and maybe create a useful script.

[AceInfinity]

I actually have a WMI explorer created in Powershell that I use instead which looks exactly like that, and it may be the same just converted code. I'd have to take a look more into the WMI namespace used here.

[AceInfinity]

I think the problem here is that it's not finding this namespace: rootSecurityCenter2

It doesn't seem to exist on my computer running Windows 7. There are absolutely 0 classes that exist within it becuase the namespace is non-existant for me. Same thing with the root class SecurityCenter

[DarkPhoeniX]

Thanks for the tip @sbaeder
I came up with this:

WMIC.EXE /Node:"%userdomain%" /Namespace:rootSecurityCenter2 Path AntiVirusProduct Get displayName^ /Format:List

it seems to do the trick
edit:change AntiVirusProduct with FirewallProduct or AntispywareProduct(if installed)