Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Detect Antivirus on Windows using C# [closed]

Is there a way to detect whether there is an antivirus software installed in a machine using C#? I know the Security Center detects antivirus software but how can you detect that in C#?

like image 257
Angel.King.47 Avatar asked Aug 26 '09 01:08

Angel.King.47


People also ask

How do you check if my PC has antivirus?

The status of your antivirus software is typically displayed in Windows Security Center. Open Security Center by clicking the Start button , clicking Control Panel, clicking Security, and then clicking Security Center. Click Malware protection.

How an antivirus is detected?

Heuristic-based detection uses an algorithm to compare the signatures of known viruses against potential threats. With heuristic-based detection, antivirus software can detect viruses that haven't been discovered yet, as well as already existing viruses that have been disguised or modified and released as new viruses.


1 Answers

According to Microsoft, The Windows Security Center uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through Windows Management Instrumentation (WMI). In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software. In WMI mode, software manufacturers determine their own product status and report that status back to Windows Security Center through a WMI provider. In both modes, Windows Security Center tries to determine whether the following is true:

An antivirus program is present.

The antivirus signatures are up-to-date.

Real-time scanning or on-access scanning is turned on for antivirus programs.

For firewalls, Windows Security Center detects whether a third-party firewall is installed and whether the firewall is turned on or not.

So in order to determine the presence of an antivirus software, you can use the WMI making a connection to the root\SecurityCenter namespace (starting with windows Vista you must use the root\SecurityCenter2 namespace), and then query for the AntiVirusProduct WMI class.

Look at this sample code

using System;
using System.Text;
using System.Management;

namespace ConsoleApplication1
{
  class Program
  {
    public static bool AntivirusInstalled()
    {

      string wmipathstr = @"\\" + Environment.MachineName + @"\root\SecurityCenter";
      try
      {
        ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipathstr, "SELECT * FROM AntivirusProduct");
        ManagementObjectCollection instances = searcher.Get();
        return instances.Count > 0;
      }

      catch (Exception e)
      {
        Console.WriteLine(e.Message);
      }

      return false;
    } 

    public static void Main(string[] args)
    {
      bool returnCode = AntivirusInstalled();
      Console.WriteLine("Antivirus Installed " + returnCode.ToString());
      Console.WriteLine();
      Console.Read();
    }

  }
}
like image 74
RRUZ Avatar answered Oct 08 '22 22:10

RRUZ