WMI wql queries to fetch antivirus information

Question

What are the different sql queries which can help in fetching installed antivirus information ? 1 query i know which tells antivirus name ( as shown in the code below ).what are the other information which we can fetch using wql queries?

 string wmipathstr = @"\\" + Environment.MachineName + @"\root\SecurityCenter2";
 Console.WriteLine(Environment.MachineName );

 var searcher = new ManagementObjectSearcher(wmipathstr, "SELECT * FROM AntivirusProduct");

 foreach (var instances in searcher.Get())
 {
   Console.WriteLine(instances.GetPropertyValue("displayName"));
 }
 Console.Read();

info like antivirus version or whether its firewall is turned on or off etc .. — Unbreakable, Mar 30 '12 at 08:47

score 2 · Accepted Answer · answered Mar 30 '12 at 08:55

2

This article shows a few more of the fields that should exist:

companyName
displayName
instanceGuid
onAccessScanningEnabled
pathToSignedProductExe
productHasNotifiedUser
productState
productUptoDate
productWantsWscNotifications
versionNumber

I'm guessing productState would be your 'whether it's on or off'.

Update: I believe you can use WscGetSecurityProviderHealth to get whether of not it's on instead, if that's all you're looking for.

answered Mar 30 '12 at 08:55

Alexander R

2,468
24
28

1

Thanks for the reply..Guess what my main concern is about the firewall status only . Do you know how to use WscGetSecurityProviderHealth in c sharp. – Unbreakable Mar 30 '12 at 09:21
1

Or if not can you please let me know how to use this product state method in c sharp . Any snippet if you could share . – Unbreakable Mar 30 '12 at 09:23

WMI wql queries to fetch antivirus information

1 Answers1