Menu
I have seen code samples similar to the following numerous times in my search for an answer:
using System;
using System.Text;
using System.Management;
namespace ConsoleApplication1
{
class Program
{
public static bool AntivirusInstalled()
{
string wmipathstr = @"\\" + Environment.MachineName + @"\root\SecurityCenter";
try
{
ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipathstr, "SELECT * FROM AntivirusProduct");
ManagementObjectCollection instances = searcher.Get();
return instances.Count > 0;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
return false;
}
public static void Main(string[] args)
{
bool returnCode = AntivirusInstalled();
Console.WriteLine("Antivirus Installed " + returnCode.ToString());
Console.WriteLine();
Console.Read();
}
}
}
Unfortunately, it appears that Windows Server 2008 does not have the SecurityCenter or SecurityCenter2 namespace, so I get an Invalid namespace exception when trying this approach.
Does anyone know of a way to determine if there is antivirus software running on Windows Server 2008? Any help is appreciated!
373
The best way to tell if you have anti-virus software installed is to use the Security Center feature on your Microsoft operating system. When you select this option, you'll be presented with a status for: Anti-virus software. Firewall protection.
Windows Server 2016 now includes Windows Defender Antivirus. Windows Defender AV is malware protection that immediately and actively protects Windows Server 2016 against known malware and can regularly update antimalware definitions through Windows Update.
The status of your antivirus software is typically displayed in Windows Security Center. Open Security Center by clicking the Start button , clicking Control Panel, clicking Security, and then clicking Security Center. Click Malware protection.
Use the EICAR test virus.
It will not only work on every anti-virus on earth, but it will also tell you if the anti-virus is active!
You may find it hard to download the test file if you have anti-virus active, so you may want to use this string instead:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Keep in mind, you probably want to keep the string encoded on your app and decode it just before you write it to disk. Otherwise you may risk your app being detected as a virus :)
On the EICAR site, they say:
Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long
However, I wouldn't count AV developers have read the spec, so better just keep the string encoded. In fact, I just tried to save the string on a .txt file on my desktop with some additional characters in it and Windows Defender started screaming.
144
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
