Kaseya Community

AV update detection

  • get av state.txt
    I've been working with this script for quite a while and thought I might share it and see if you guys have tips for improvement. It has five steps and utilizes WMIC (WMI for command line) to check the status of the installed antivirus. That alone has its drawbacks since it's not available for XP Home (but who here uses that anyway???). It has only one big issue that maybe someone knows how to get around: the first time it's used on a machine, WMIC must be installed. It's done automatically, but it causes you to have to re-run the script.

    Tested on XP Pro, Vista Business/Ultimate, Windows 7 Ultimate with AVG 7/7.5/8 and NOD 32.

    Input for improvement is greatly appreciated!

    **Note: it only tells you if it's updated in the last week or not; it does not give you specifics (yet?)! Only what the Windows Security Center can tell you. When it has not updated in 7 days it will warn you. If someone knows the registry key to change this, I would like to know this as well :-)

    Legacy Forum Name: AV update detection,
    Legacy Posted By Username: kroberts210
  • get av state part 2a.txt
    Attachment refers to previous post.

    Legacy Forum Name: AV update detection,
    Legacy Posted By Username: kroberts210
  • get av state part 2b.txt
    Attachment refers to previous post.

    Legacy Forum Name: AV update detection,
    Legacy Posted By Username: kroberts210
  • get av state part 3.txt
    Attachment refers to previous post.

    Legacy Forum Name: AV update detection,
    Legacy Posted By Username: kroberts210
  • get AV state part 4.txt
    Attachment refers to previous post.

    Legacy Forum Name: AV update detection,
    Legacy Posted By Username: kroberts210
  • I have been running a similar WMI script, but it does not work on my 64-bit Win7 machines. I tried this script and have the same problem.

    Here's what I get on my 64-bit machine:
    c:\Temp>wmic /NAMESPACE:\\root\SecurityCenter PATH AntiVirusProduct GET * /value

    No Instance(s) Available.


    Any ideas on how to make it work on my Win7 64-bit machines?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jeffryer
  • I just tried that on mine and this is what I got back:

    C:\>wmic /NAMESPACE:\\root\SecurityCenter PATH AntiVirusProduct GET * /value


    companyName=McAfee, Inc.
    displayName=McAfeer Security-as-a-Service Anti-virus
    instanceGuid={8C354827-2F54-4E28-90DC-AD391E77808C}
    onAccessScanningEnabled=TRUE
    pathToSignedProductExe=C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myA
    gtTry.exe
    productHasNotifiedUser=
    productState=
    productUptoDate=TRUE
    productWantsWscNotifications=
    versionNumber=5.2.0.470

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rfouche
    That's not a 64-bit issue; it's a Vista SP1+ (2008 Server SP1+) issue. The SecurityCenter namespace no longer exists on Vista/2008.

    Try wmic /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct GET * /value

    Note that this provider only reports limited info including a bitwise "productState" column that no-one seems to know definitively how to decode. Read more at http://blogs.msdn.com/b/alejacma/archive/2008/05/12/how-to-get-antivirus-information-with-wmi-vbscript.aspx

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: teamnet
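
The two namespaces discussed in this thread return different things, so a monitoring check has to cope with both. The following is an added example, not code from any of the posters or from the attached Kaseya scripts: it parses captured `wmic ... GET * /value` text, rejoins values that the console wrapped onto a second line (as in the path above), and reports the update state as unknown when only `productState` is present rather than guessing at its encoding. The function names and the sample outputs are constructed for illustration.

```python
# Added example: interpret captured `wmic ... AntiVirusProduct GET * /value` text.
# All sample outputs below are constructed, modelled on the output quoted in the thread.
LEGACY_SAMPLE = r"""
companyName=Example Vendor
displayName=Example AV
onAccessScanningEnabled=TRUE
pathToSignedProductExe=C:\Program Files (x86)\Example\Managed Scan\Agent\myA
gtTry.exe
productState=
productUptoDate=TRUE
"""
SC2_SAMPLE = "displayName=Example AV 2\r\r\nproductState=397312\r\r\n"  # constructed value
NO_INSTANCE = "No Instance(s) Available.\n"

def parse_instances(text):
    """Return one dict per WMI instance; an empty list if none were reported."""
    instances, current, last_key = [], {}, None
    # wmic output captured through a pipe can carry stray carriage returns.
    for line in text.replace("\r", "").split("\n"):
        if line.strip().startswith("No Instance(s) Available"):
            return []
        if not line.strip():              # a blank line ends the current instance
            if current:
                instances.append(current)
            current, last_key = {}, None
            continue
        key, sep, value = line.partition("=")
        if sep and key.isidentifier():
            current[key], last_key = value, key
        elif last_key:                    # console-wrapped tail of the previous value
            current[last_key] += line
    if current:
        instances.append(current)
    return instances

def update_status(inst):
    """'current' or 'stale' from productUptoDate; 'unknown' when it is absent."""
    flag = inst.get("productUptoDate", "").upper()
    if flag in ("TRUE", "FALSE"):
        return "current" if flag == "TRUE" else "stale"
    return "unknown"                      # only productState available: left undecoded

def check(sc2_text, legacy_text):
    """Prefer root\\SecurityCenter2, fall back to root\\SecurityCenter."""
    for ns, text in (("SecurityCenter2", sc2_text), ("SecurityCenter", legacy_text)):
        found = parse_instances(text)
        if found:
            return [(ns, i.get("displayName", "?"), update_status(i)) for i in found]
    return []                             # no product registered in either namespace

if __name__ == "__main__":
    print(check(NO_INSTANCE, LEGACY_SAMPLE), check(SC2_SAMPLE, NO_INSTANCE))
```

An empty list from `check` means neither namespace reported a product, which a monitoring script should treat as its own alert condition rather than as "up to date".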