How to detect antivirus software installed on Windows 2003 Server, 2008 Server, 2003 Server R2 and 2008 Server R2 using WMI or something other than WMI in C++
I have used WMI to detect that antivirus is present on the OS.
It's working fine and displays information about the antivirus, like name and instance id, on Win XP and Windows 7 by using Namespace: \root\SecurityCenter and \root\SecurityCenter, \root\Security.
    if (isHLOSVersion())
        hres = pLoc->ConnectServer(
            _bstr_t(L"root\\SecurityCenter2"), // Object path of SecurityCenter
            NULL,   // User name. NULL = current user
            NULL,   // User password. NULL = current
            0,      // Locale. NULL indicates current
            NULL,   // Security flags.
            0,      // Authority (e.g. Kerberos)
            0,      // Context object
            &pSvc   // pointer to IWbemServices proxy
        );
    else
        hres = pLoc->ConnectServer(
            _bstr_t(L"root\\SecurityCenter"),  // Object path of SecurityCenter
            NULL,   // User name. NULL = current user
            NULL,   // User password. NULL = current
            0,      // Locale. NULL indicates current
            NULL,   // Security flags.
            0,      // Authority (e.g. Kerberos)
            0,      // Context object
            &pSvc   // pointer to IWbemServices proxy
        );
But in the case of Windows 2003 Server, 2008 Server, 2003 Server R2 and 2008 Server R2, the above namespaces are not present, so this does not work there.
Please let me know how we can detect whether antivirus is present on the Windows 2003 Server, 2008 Server, 2003 Server R2 and 2008 Server R2 operating systems.
Comments (1)
That namespace is not available on Windows Server platforms and I think it might be deprecated for Workstation (i.e. going away).
You can probably use WscGetSecurityProviderHealth() to get the same result.
See http://msdn.microsoft.com/en-us/library/bb432506.aspx
Here's my trivial sample that seems to work:
Update 9 Dec 2012
Alex points out (below) that this does not work on Windows Server, only on Workstation versions of Windows. On reflection, it occurs to me that it is probably deliberate and, in fact, probably for the best.
Do application programs really need to know the status of a server? Most security programs for servers have mechanisms to set alarms when they fail. An admin will monitor those alarms and fix what is broken. Application programs should simply behave as if security is fully operational.
If you really must know about a particular program, you can look for its exe name amongst the processes and see if the process is running and is consuming cpu (not hung). Beyond that you might need to work with the security program's vendor: they may have an API to query the program.
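An added example, not the answerer's sample and not Microsoft's code: it calls WscGetSecurityProviderHealth() for the antivirus provider and reports "unavailable" when Security Center cannot answer, which is the Windows Server case discussed above. The helper names `describeAvHealth` and `queryAvHealth` are hypothetical, and the non-Windows stand-in declarations are constructed so the decision logic can be built and tested anywhere.

```cpp
// Added example: WSC antivirus health, degrading to "unavailable" without Security Center.
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <wscapi.h>
#else
// Constructed stand-ins (names and order mirror wscapi.h / winerror.h) for non-Windows builds.
typedef long HRESULT;
const HRESULT S_OK = 0, S_FALSE = 1;
enum WSC_SECURITY_PROVIDER_HEALTH {
    WSC_SECURITY_PROVIDER_HEALTH_GOOD, WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED,
    WSC_SECURITY_PROVIDER_HEALTH_POOR, WSC_SECURITY_PROVIDER_HEALTH_SNOOZE };
#endif

// Hypothetical helper: only S_OK carries a valid health value; S_FALSE (WSC service
// not running) and every failure code mean the caller must find out some other way.
std::string describeAvHealth(HRESULT hr, WSC_SECURITY_PROVIDER_HEALTH health) {
    if (hr != S_OK) return "unavailable";
    switch (health) {
        case WSC_SECURITY_PROVIDER_HEALTH_GOOD:         return "good";
        case WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED: return "not monitored";
        case WSC_SECURITY_PROVIDER_HEALTH_POOR:         return "poor";
        case WSC_SECURITY_PROVIDER_HEALTH_SNOOZE:       return "snoozed";
    }
    return "unavailable";
}

// Hypothetical helper: resolves the export at run time, from System32 only, so the
// program still starts on systems where wscapi.dll or the function is missing.
std::string queryAvHealth() {
#ifdef _WIN32
    typedef HRESULT (WINAPI *WscHealthFn)(DWORD, PWSC_SECURITY_PROVIDER_HEALTH);
    HMODULE dll = LoadLibraryExW(L"wscapi.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (!dll) return "unavailable";
    WscHealthFn fn = (WscHealthFn)GetProcAddress(dll, "WscGetSecurityProviderHealth");
    std::string result = "unavailable";
    if (fn) {
        WSC_SECURITY_PROVIDER_HEALTH health = WSC_SECURITY_PROVIDER_HEALTH_POOR;
        result = describeAvHealth(fn(WSC_SECURITY_PROVIDER_ANTIVIRUS, &health), health);
    }
    FreeLibrary(dll);
    return result;
#else
    return "unavailable";  // no Security Center off Windows
#endif
}

int main() { std::printf("antivirus health: %s\n", queryAvHealth().c_str()); return 0; }
```

An "unavailable" result is the point at which the fallbacks named in the answer apply: the vendor's own API or a check on the product's process.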