Please add Antivirus detection

Feb 18, 2016 at 10:26 PM
Please add Antivirus detection and status report.

Name of antivirus installed if any, and the state (activated and updated)

Thanks a lot for such a great tool.
Coordinator
Feb 23, 2016 at 3:53 PM
Hi rob_figueroa,

Older versions of WinAudit used to show this type of information. However, it was unreliable, so it was removed. There are many anti-virus applications out there but very few, if any, document how to obtain this information. WinAudit would look at file timestamps and so on, but being heuristic in nature meant it did not work robustly.

As long as the anti-virus developer has followed Microsoft's software installation guidelines, then WinAudit should show it. If you are not seeing it, then perhaps that is a bug. On the menu select View -> Software information. A new tab will show with all the software data WinAudit could find. Search (Edit -> Find) for the software name you are interested in. If it's not there, how was it installed?

oldbury
Feb 23, 2016 at 4:59 PM
Edited Feb 23, 2016 at 5:00 PM
The thing is that the new Windows Defender (on Windows 10) is not "installed"; it is like another Windows component.
And the other issue is the necessity to know if the AV is updated and activated.
As I understand there is a namespace in WMI that can be queried to get that info.

Please see: http://neophob.com/2010/03/wmi-query-windows-securitycenter2/

Perhaps now this information is more reliable.

Cheers!
Roberto.
Coordinator
Feb 25, 2016 at 1:24 PM
Hi rob_figueroa,

Thanks for the link. In the past we have found using the AntiVirusProduct and FirewallProduct WMI classes difficult and/or unreliable. For example, not detecting Windows Firewall at all even though it's running. Also, as the blogger noted, AV status codes are not easy to interpret as these are not well documented. I'd rather that WinAudit omitted something altogether than show misleading or wrong information.

If you must have the information, see this:
https://social.msdn.microsoft.com/Forums/en-US/6501b87e-dda4-4838-93c3-244daa355d7c/wmisecuritycenter2-productstate?forum=vblanguage

If the script works on your computer(s), perhaps you could use that to get what you need.


oldbury
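
The WMI query discussed in this thread, as an added PowerShell example (not written by any poster and not WinAudit code). The productState byte layout it uses is the commonly cited community reading, an assumption rather than documented behaviour, so the raw value is reported alongside and unrecognised values decode to Unknown; the function name ConvertFrom-ProductState is hypothetical.

```powershell
# Added example: inventory of AntiVirusProduct entries from root/SecurityCenter2.
# ASSUMPTION: productState is read as three bytes (0xPPSSDD); this layout is
# community-derived and not documented, so the raw hex is always kept.
function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)

    $scanner = ($ProductState -shr 8) -band 0xFF   # middle byte: real-time scanner
    $defs    = $ProductState -band 0xFF            # low byte: signature status

    # Only the two widely reported values per field are decoded; anything
    # else is surfaced as Unknown instead of being guessed.
    $enabled = switch ($scanner -band 0xF0) {
        0x10    { 'Yes' }
        0x00    { 'No' }
        default { 'Unknown' }
    }
    $definitions = switch ($defs) {
        0x00    { 'UpToDate' }
        0x10    { 'OutOfDate' }
        default { 'Unknown' }
    }

    [pscustomobject]@{
        RawHex      = '0x{0:X6}' -f $ProductState
        Enabled     = $enabled
        Definitions = $definitions
    }
}

try {
    # -ErrorAction Stop turns a missing namespace or class into a catchable error
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName AntiVirusProduct -ErrorAction Stop
} catch {
    Write-Warning "SecurityCenter2 query failed: $($_.Exception.Message)"
    $products = @()
}

foreach ($p in $products) {
    $state = ConvertFrom-ProductState -ProductState $p.productState
    [pscustomobject]@{
        Name        = $p.displayName
        RawHex      = $state.RawHex
        Enabled     = $state.Enabled
        Definitions = $state.Definitions
    }
}

# Constructed sample values, for trying the decoder where the namespace is unavailable
397568, 393472, 397584 | ForEach-Object { ConvertFrom-ProductState -ProductState $_ }
```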