Delphi - How to detect the presence of antivirus software?
When anti-virus software is running during the installation of my software certain components do not get installed correctly. I always tell the users to turn it OFF first. But, they forget and then I am racking my brains trying to figure out what went wrong. Is there a Delphi function that anyone knows about that can detect whether AntiVirus software is running, so I can alert the user before installation starts?
Comments (5)
Since XPsp2, there is the security center that registers if there is a known antivirus.
Afaik this functions over the WMI api, which can be accessed via Winapi. (and Jedi has headers for it).
I've found some VBScript here: http://blogs.msdn.com/b/alejacma/archive/2008/05/12/how-to-get-antivirus-information-with-wmi-vbscript.aspx
Another tip: try to communicate to your users in any way possible to turn off heuristic scans as much as possible. These are typically the cause of false positives, and it can be an easier message to bring than killing the antivirus altogether.
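The Security Center lookup described in the answer above, as an added Delphi example that is not part of the original thread. It assumes the standard `AntiVirusProduct` WMI class in the `root\SecurityCenter2` namespace (Vista and later) with a fallback to `root\SecurityCenter` (XP SP2/SP3), neither of which is named on this page; on systems without Security Center, such as Windows Server, both connections fail and the result is reported as unknown.

```delphi
program DetectAntivirus;
{$APPTYPE CONSOLE}
uses
  SysUtils, ActiveX, ComObj, Variants, Classes;

// Appends the displayName of every AntiVirusProduct instance registered
// with Windows Security Center in the given WMI namespace.
procedure ListAntivirus(const NameSpace: string; Names: TStrings);
const
  wbemFlagForwardOnly = $00000020;
var
  Locator, Services, ObjectSet, Item: OleVariant;
  Enum: IEnumVariant;
  Fetched: LongWord;
begin
  Locator := CreateOleObject('WbemScripting.SWbemLocator');
  Services := Locator.ConnectServer('localhost', NameSpace, '', '');
  ObjectSet := Services.ExecQuery('SELECT displayName FROM AntiVirusProduct',
    'WQL', wbemFlagForwardOnly);
  Enum := IUnknown(ObjectSet._NewEnum) as IEnumVariant;
  while Enum.Next(1, Item, Fetched) = 0 do // 0 = S_OK
  begin
    Names.Add(VarToStr(Item.displayName));
    Item := Unassigned; // release the WMI object before fetching the next
  end;
end;

var
  Names: TStringList;
  I: Integer;
begin
  CoInitialize(nil);
  try
    Names := TStringList.Create;
    try
      try
        ListAntivirus('root\SecurityCenter2', Names); // Vista and later
      except
        on EOleSysError do
          try
            ListAntivirus('root\SecurityCenter', Names); // XP SP2/SP3
          except
            on EOleSysError do
              Writeln('Security Center is not available; AV state unknown.');
          end;
      end;
      for I := 0 to Names.Count - 1 do
        Writeln('Registered antivirus: ', Names[I]);
    finally Names.Free; end;
  finally CoUninitialize; end;
end.
```

An installer can call `ListAntivirus` before copying files and show the returned product names in its reminder to the user; only products that registered themselves with Security Center are listed.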
I just wrote on my blog an article, which tells you how to detect the presence of the antivirus software in the Windows Desktop editions (XP, Vista and 7).
Getting the installed Antivirus, AntiSpyware and Firewall software using Delphi and the WMI
Explain what components you're installing, how you're installing those components, and how their installation is failing, and it will be easier to recommend a solution. Also, are you using an installer product, or your own installation code? If it's your own installer, or if you can automatically run your own code after the installer, you can do your own programmatic check to confirm your install is 100% OK, and if not then report what failed and remind the user to turn off antivirus stuff and retry the install.
I see that this is an "old" question, but...
I found it
Retreive Antivirus Information using WMI
We've had success by checking the running processes for any process that we've determined before-hand is an AV program. (You can enumerate a list of processes using some simple code that you can find by googling something like "List Running Processes Delphi")
If we find one, we tell the user and refuse to continue...
To build our list of processes that we know are AV, we install trial versions of the AV programs and then look at the list of processes (either in the task manager, or using our enumerate processes code.) It's not too hard to spot them... and you can shut the AV programs down and see if the processes you identify go away. (Process Explorer is helpful: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)
For example, some of the processes we currently look for include MCShield (McAfee), NPROTECT (Norton), PCCNTMON (Trend Micro), etc.
Obviously this won't catch ALL AV programs, but if you do the above with the major vendors (Norton, McAfee, Trend Micro, ZA, etc.) you'll have a large percentage of the AV programs in the field covered.
One thing that is nice about this is that it's easy to implement and doesn't require any really low level Windows API calls, except to enumerate the currently running processes...