How to detect antivirus installed on Windows 2003 Server and 2008 Server, 2003 Server R2 and 2008 Server R2, using WMI or something other than WMI, in C++

Updated: 2023-08-21 13:04:52

I have used WMI to detect that antivirus is present on the OS. It's working fine and displays information about the antivirus, like name and instance id, on Win XP and Windows 7 by using Namespace:\root\SecurityCenter and \root\SecurityCenter, \root\Security.

if (isHLOSVersion())
   hres = pLoc->ConnectServer(
         _bstr_t(L"root\\SecurityCenter2"), // Object path of SecurityCenter
         NULL,                    // User name. NULL = current user
         NULL,                    // User password. NULL = current
         0,                       // Locale. NULL indicates current
         NULL,                    // Security flags.
         0,                       // Authority (e.g. Kerberos)
         0,                       // Context object
         &pSvc                    // pointer to IWbemServices proxy
         );
else
   hres = pLoc->ConnectServer(
         _bstr_t(L"root\\SecurityCenter"), // Object path of SecurityCenter
         NULL,                    // User name. NULL = current user
         NULL,                    // User password. NULL = current
         0,                       // Locale. NULL indicates current
         NULL,                    // Security flags.
         0,                       // Authority (e.g. Kerberos)
         0,                       // Context object
         &pSvc                    // pointer to IWbemServices proxy
         );

But in the case of Windows 2003 Server and 2008 Server, 2003 Server R2 and 2008 Server R2, the above namespaces are not present, so this is not working there.

Please let me know how we can detect whether antivirus is present or not on the Windows 2003 Server and 2008 Server, 2003 Server R2 and 2008 Server R2 operating systems.

That namespace is not available on Windows Server platforms and I think it might be deprecated for Workstation (i.e. going away).

You can probably use WscGetSecurityProviderHealth() to get the same result.

See http://msdn.microsoft.com/en-us/library/bb432506.aspx

Here's my trivial sample that seems to work:

#define _WIN32_WINNT _WIN32_WINNT_WIN7
#include <Windows.h>
#include <Wscapi.h>
#include <iostream>

#pragma comment(lib, "Wscapi")


int main(int argc, char* argv[])
{
   WSC_SECURITY_PROVIDER_HEALTH health;
   const DWORD dwAntivirus(WSC_SECURITY_PROVIDER_ANTIVIRUS);

   HRESULT hr = WscGetSecurityProviderHealth(dwAntivirus, &health);
   if (FAILED(hr))
   {
      std::cerr << "Error " << std::hex 
                << std::showbase << hr << "\n";
      return -1;
   }
   switch (health)
   {
      case WSC_SECURITY_PROVIDER_HEALTH_GOOD:
         std::cout << "Antivirus health is good\n";
         return 0;
      case WSC_SECURITY_PROVIDER_HEALTH_NOTMONITORED:
         std::cout << "Antivirus health is not monitored\n";
         return 1;
      case WSC_SECURITY_PROVIDER_HEALTH_POOR:
         std::cout << "Antivirus health is poor\n";
         return 2;
      case WSC_SECURITY_PROVIDER_HEALTH_SNOOZE:
         std::cout << "Antivirus health is snooze\n";
         return 3;
      default:
         std::cout << "Unexpected antivirus health value: "
                   << std::hex << std::showbase 
                   << health << "\n";
         return 4;
   }
}

Update 9 Dec 2012

Alex points out (below) that this does not work on Windows Server, only on Workstation versions of Windows. On reflection, it occurs to me that it is probably deliberate and, in fact, probably for the best.

Do application programs really need to know the status of a server? Most security programs for servers have mechanisms to set alarms when they fail. An admin will monitor those alarms and fix what is broken. Application programs should simply behave as if security is fully operational.

If you really must know about a particular program, you can look for its exe name amongst the processes and see if the process is running and is consuming CPU (not hung). Beyond that you might need to work with the security program's vendor: they may have an API to query the program.
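
The process check suggested in the last paragraph of the answer, as an added example that is not part of the original post: it takes two Toolhelp process snapshots and reports whether a named agent is absent, running with unreadable CPU times, idle, or active. `AgentState`, `classify`, `takeSnapshot`, the 5-second interval and the agent name `ExampleAv.exe` are assumptions made for the illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cwctype>
#include <map>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif
enum class AgentState { Absent, Unknown, Idle, Active };  // also the exit code, 0..3
struct Cpu { bool readable; std::uint64_t ticks; };  // ticks: 100 ns units, summed over instances
using Snapshot = std::map<std::wstring, Cpu>;        // key: lower-cased exe name

std::wstring lower(std::wstring s) {
    std::transform(s.begin(), s.end(), s.begin(), [](wchar_t c) { return (wchar_t)std::towlower(c); });
    return s;
}
// Compare two process snapshots taken a few seconds apart.
AgentState classify(const Snapshot& a, const Snapshot& b, const std::wstring& exe) {
    auto now = b.find(lower(exe));
    if (now == b.end()) return AgentState::Absent;       // not running
    auto before = a.find(lower(exe));
    if (before == a.end()) return AgentState::Active;    // started between samples
    if (!now->second.readable || !before->second.readable) return AgentState::Unknown;
    return now->second.ticks > before->second.ticks ? AgentState::Active : AgentState::Idle;
}
#ifdef _WIN32
Snapshot takeSnapshot() {
    Snapshot snap;
    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (h == INVALID_HANDLE_VALUE) return snap;
    PROCESSENTRY32W pe; pe.dwSize = sizeof(pe);
    for (BOOL ok = Process32FirstW(h, &pe); ok; ok = Process32NextW(h, &pe)) {
        Cpu& c = snap.insert({lower(pe.szExeFile), Cpu{true, 0}}).first->second;
        FILETIME cr, ex, k, u;
        HANDLE p = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe.th32ProcessID);
        if (p && GetProcessTimes(p, &cr, &ex, &k, &u))   // kernel + user time
            c.ticks += ((std::uint64_t)(k.dwHighDateTime + u.dwHighDateTime) << 32) + k.dwLowDateTime + u.dwLowDateTime;
        else c.readable = false;                         // access denied, e.g. a protected process
        if (p) CloseHandle(p);
    }
    CloseHandle(h);
    return snap;
}
int main() {   // "ExampleAv.exe" is a placeholder, not a real product's exe name
    Snapshot first = takeSnapshot();
    Sleep(5000);
    return static_cast<int>(classify(first, takeSnapshot(), L"ExampleAv.exe"));
}
#endif
```

An `Idle` result over one short interval is only a hint, since a healthy agent can sit without using CPU for several seconds; `Unknown` means the process exists but its times could not be read with the caller's privileges.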