CheckSecurity.VBS - Query Status of All Security Products

Post your handy scripts here, or any requests for help in creating a script.
Forum rules
1. Try to give more than you take, when possible.
2. Always wrap code in
Code: Select all
 tags
so it doesn't wrap the lines, and for the one-click select all feature.

CheckSecurity.VBS - Query Status of All Security Products

Postby Nick » Mon Feb 11, 2013 5:18 pm

CheckSecurity is a Visual Basic Script (VBS) designed to query Windows Security Center via WMI to find:
  • Any and all installed anti-virus, anti-spyware, and 3rd party firewall products on a local (or remote) PC...
  • Determine if the anti-virus and anti-spyware software has real-time scanning enabled and if the 3rd party firewall is enabled...
  • Determine if the anti-virus and anti-spyware product definitions are up-to-date or outdated...
Note: Does not detect Windows firewall status as it does not report in the same way to WSC.

Here is the code for your examination: (select all and copy/paste into a plain text file, naming it with a .VBS extension instead of .TXT to execute.)
Code: Select all
' Security Product Detection VBS by Foolish IT

' to test on a remote system, set strComp = TheComputerNameOfTheRemoteSystem
' script will fail if you don't have permission to query the system

Dim strComp, iAVCount, iFWCount, iASCount, sAV, sFW, sAS, bXP
strComp = "."

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComp & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
   if instr(objOperatingSystem.Caption, "XP") <> 0 then
      call XPSub
      bXP = True
   else
      call VistaSub
      bXP = False
   end if
Next

select case iAVCount
    case 0
   sAVMsg = "WARNING - No AntiVirus Product Detected!" & vbnewline  & vbnewline
    case 1
   sAVMsg = "AntiVirus Product:  " & sAV & vbnewline  & vbnewline
    case else
   sAVMsg = "WARNING - " & iAVCount & " AntiVirus Products Detected:" & vbnewline & vbtab & sAV & vbnewline  & vbnewline
end select

if bXP = False then
   select case iASCount
       case 0
      sASMsg = "WARNING - No AntiSpyware Product Detected!" & vbnewline  & vbnewline
       case 1
      sASMsg = "AntiSpyware Product:  " & sAS & vbnewline  & vbnewline
       case else
      sASMsg = "WARNING - " & iASCount & " AntiSpyware Products Detected:" & vbnewline & vbtab & sAS & vbnewline  & vbnewline
   end select
end if

select case iFWCount
    case 0
   sFWMsg = "No 3rd Party Firewall Detected." & vbnewline  & vbnewline
    case 1
   sFWMsg = "Firewall Product:  " & sFW & vbnewline  & vbnewline
    case else
   sFWMsg = "WARNING - " & iFWCount & " Firewall Products Detected:" & vbnewline & vbtab & sFW & vbnewline  & vbnewline
end select

Msgbox sAVMsg & sASMsg & sFWMsg, , "Security Product Detection VBS by Foolish IT"

Sub VistaSub
   Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComp & "\root\SecurityCenter2")   

   Set colAVItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
   For Each objAntiVirusProduct In colAVItems
       If LenB(objAntiVirusProduct.DisplayName) > 1 Then
      sAVState = right(hex(objAntiVirusProduct.productstate), 4)
      if left(sAVState, 1) = "1" then
          sAVActive = "Enabled"
      else
          sAVActive = "Disabled"
      end if
      if mid(sAVState, 3, 1) = "0" then
          sAVCurrent = "Up to Date"
      else
          sAVCurrent = "Outdated!"
           end if
           if lenb(sAV) < 1 then
          ' only one here
          sAV = objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")"
          iAVCount = 1
      else
          ' multiple products end up here
          sAV = sAV & vbnewline & vbtab & objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")"
          iAVCount = iAVCount + 1
      End if
       End if
   Next

   Set colASItems = oWMI.ExecQuery("Select * from AntiSpywareProduct")
   For Each objAntiSpywareProduct In colASItems
       If LenB(objAntiSpywareProduct.DisplayName) > 1 Then
      sASState = right(hex(objAntiSpywareProduct.productstate), 4)
      if left(sASState, 1) = "1" then
          sASActive = "Enabled"
      else
          sASActive = "Disabled"
      end if
      if mid(sASState, 3, 1) = "0" then
          sASCurrent = "Up to Date"
      else
          sASCurrent = "Outdated!"
           end if
           if lenb(sAS) < 1 then
          ' only one here
          sAS = objAntiSpywareProduct.DisplayName & " (" & sASActive & ", " & sASCurrent & ")"
          iASCount = 1
      else
          ' multiple products end up here
          sAS = sAS & vbnewline & vbtab & objAntiSpywareProduct.DisplayName & " (" & sASActive & ", " & sASCurrent & ")"
          iASCount = iASCount + 1
      End if
       End if
   Next

   Set colFWItems = oWMI.ExecQuery("Select * from FirewallProduct")
   For Each objFirewallProduct In colFWItems
       If LenB(objFirewallProduct.DisplayName) > 1 Then
      sFWState = right(hex(objFirewallProduct.productstate), 4)
      if left(sFWState, 1) = "1" then
          sFWActive = "Enabled"
      else
          sFWActive = "Disabled"
      end if
           if lenb(sFW) < 1 then
          ' only one here
          sFW = objFirewallProduct.DisplayName & " (" & sFWActive & ")"
          iFWCount = 1
      else
          ' multiple products end up here
          sFW = sFW & vbnewline & vbtab & objFirewallProduct.DisplayName & " (" & sFWActive & ")"
          iFWCount = iFWCount + 1
      End if
       End if
   Next
end sub

sub XPSub
   Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComp & "\root\SecurityCenter") 

      Set colAVItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
      For Each objAntiVirusProduct In colAVItems
             If LenB(objAntiVirusProduct.DisplayName) > 1 Then
            if objAntiVirusProduct.onAccessScanningEnabled = True then   
                sAVActive = "Enabled"
            else
                sAVActive = "Disabled"
            end if
            if objAntiVirusProduct.productUpToDate = true then
                sAVCurrent = "Up to Date"
            else
                sAVCurrent = "Outdated!"
            end if
            if lenb(sAV) < 1 then
                ' only one antivirus here
                sAV = objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")"
                iCount = 1
            else
                ' multiple antivirus ends up here
                sAV = sAV & vbnewline & objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")"
                iCount = iCount + 1
            End if
          End if
      Next

   Set colFWItems = oWMI.ExecQuery("Select * from FirewallProduct")
   For Each objFirewallProduct In colFWItems
       If LenB(objFirewallProduct.DisplayName) > 1 Then
      if objFirewallProduct.enabled = True then   
          sFWActive = "Enabled"
      else
          sFWActive = "Disabled"
      end if
           if lenb(sFW) < 1 then
          ' only one here
          sFW = objFirewallProduct.DisplayName & " (" & sFWActive & ")"
          iFWCount = 1
      else
          ' multiple PRODUCTS end up here
          sFW = sFW & vbnewline & vbtab & objFirewallProduct.DisplayName & " (" & sFWActive & ")"
          iFWCount = iFWCount + 1
      End if
       End if
   Next
end sub


You may also download the script as a non-executable plain text file on my website here.
Author of d7/d7II and other PC technician's tools. http://www.FoolishIT.com

Image
User avatar
Nick
Site Admin
 
Posts: 2718
Joined: Mon Nov 19, 2012 7:54 pm

Re: CheckSecurity.VBS - Query Status of All Security Product

Postby GEGeek » Wed Feb 13, 2013 10:28 pm

Hey Nick, long time.
Love the auto scripts
Keep'em coming.
GEGeek
GEGeek - I don't reinvent the wheel, I just link to it.
Image
http://www.gegeek.com
GEGeek
 
Posts: 158
Joined: Wed Feb 13, 2013 8:20 am
Location: NJ

Re: CheckSecurity.VBS - Query Status of All Security Product

Postby bighair » Tue Apr 28, 2015 11:49 am

I know this is an old post, I'm just curious if anyone has been able to tie this script to also Identify the AV service name and if the service is stopped to start it? The start and stop service is easy enough, I'm having issues Identifying the Service name of the Antivirus in this script.
bighair
 
Posts: 1
Joined: Tue Apr 28, 2015 11:40 am


Return to Automation / Scripting / Batch