Scanning for Intalled Security Software

[jpommerening at SYMBION.COM (Pommerening, Jeremy)]

You could try the following vbscript

Option Explicit 

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly               = &h20

Dim objWMIService, colWMIItems, Item, strWMIQuery
Dim strComputerName, i, blnSP3

strComputerName = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputerName & "\root\CIMV2")
strWMIQuery = "SELECT ServicePackMajorVersion FROM Win32_OperatingSystem"
Set colWMIItems = objWMIService.ExecQuery(strWMIQuery, "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)

For Each item In colWMIItems
        If item.ServicePackMajorVersion = 3 Then blnSP3 = True 
Next 

If blnSP3 Then 
        Set objWMIService = GetObject("winmgmts:\\" & strComputerName & "\root\SecurityCenter")
        strWMIQuery = "SELECT displayName, versionNumber, companyName, productUptodate, onAccessScanningEnabled from 
AntiVirusProduct"
        Set colWMIItems = objWMIService.ExecQuery(strWMIQuery, "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
        
        For Each Item In colWMIItems
                wscript.echo Item.displayName
                wscript.echo "Version              : " & Item.versionNumber
                wscript.echo "Provided by          : " & Item.companyName
                If Item.productUptodate = True Then 
                        wscript.echo "Virus Definitions    : Up to date"
                Else 
                        wscript.echo "Virus Definitions    : Out of date"
                End If
                If Item.onAccessScanningEnabled = True Then 
                        wscript.echo "On Access Scanning   : Enabled"
                Else 
                        wscript.echo "On Access Scanning   : Disabled"
                End If 
                i = i + 1
        Next
Else 
        wscript.echo "Cannot determine AV status unless Service Pack 3 is installed."
End If 

If i = 0 Then
        wscript.echo "Could not determine AV status."
        wscript.echo "Possible Causes:" & vbNewLine
        wscript.echo "AV Software not installed"
        wscript.echo "AV Software not compatible with XP Security Center"
End If



Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB

GIAC - GCFA,GPEN, GAWN & GCFW,
GIAC Advisory Board Member
MCSE Win2K, MCSE NT4,
CompTia SERVER+, HP APS



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Shane 
Kelly
Sent: Friday, April 23, 2010 7:23 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Scanning for Intalled Security Software

Hey Guys,

Does anyone have any experiance with doing agentless scanning for
installed software in a network?
I'm looking for instances where workstations may exist that do not
have Safeguard Easy or Anti-virus Installed.


Many thanks in advance,
Shane
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


Disclaimer: The email and files transmitted with it are confidential and are intended solely for the use of the 
individual or entity to whom they are addressed.  If you are not the original recipient or the person responsible for 
the delivering the email to the intended recipient, be advised that you have received this email in error, and that any 
use, dissemination, forwarding, printing or copying of this email is strictly prohibited.  If you received this email 
in error, please delete it from your system without copying it, and notify the sender by reply email so that our 
address record can be corrected.  Thank you. Symbion, Inc.