Thursday 8 July 2021

How can you check using a Windows batch file what AntiVirus s/w is active?

Windows Defender is the standard Windows Antivirus software that comes with Windows 10 and it does a pretty good job.

However, many people like to install 3rd-party AV and anti-malware software too.

In fact, some people may be running 3rd-party AV software without even knowing it!

For instance, many types of Acronis backup products may also install Acronis Cloud Protect without you even being aware of it.

One way to detect AV software and Services is to trawl through the Windows task list and try to recognise the names of the software products, but I wanted to write a small .cmd Windows batch file to show the user what AV software was installed and whether it was enabled or not. That way I could add the code into the E2B Make script to warn the user that they have AV s/w installed and that it may be blocking write access to their USB drive's boot sector.

Here is what I ended up with...

CheckAV.cmd

It uses wmic to get the three status bytes, and the code then interprets the state of various bits. These bits are not fully defined by Microsoft. The AntiVirus software may also not fully conform to Microsoft's standards and set these bits correctly, or it may not communicate correctly with the WMI SecurityCenter2 API. Even so, this code seems to be reliable, although not all status bits are interpreted.
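The query and bit tests described above, as an added example that is not the author's CheckAV.cmd. The two masks it tests (0x10 in the middle byte for "enabled", 0x10 in the low byte for "definitions out of date") are the commonly reported interpretation of productState and are an assumption, since Microsoft does not document the field.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example, not CheckAV.cmd. Lists each AV product registered with
rem Windows Security Center and decodes the three bytes of productState.
rem ASSUMPTION: the bit masks used in :decode are community-reported,
rem not documented by Microsoft, and a product may not set them correctly.

set "FOUND="
rem /value prints one "property=value" pair per line, properties in
rem alphabetical order, so displayName arrives before productState.
for /f "tokens=1,* delims==" %%A in ('wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get displayName^,productState /value 2^>nul') do (
    rem wmic lines end with a stray CR; the inner FOR /F strips it.
    for /f "delims=" %%V in ("%%B") do (
        if /i "%%A"=="displayName"  set "NAME=%%V"
        if /i "%%A"=="productState" call :decode %%V
    )
)
if not defined FOUND echo No AntiVirusProduct data returned: wmic unavailable, no SecurityCenter2 namespace, or access denied.
endlocal
exit /b 0

:decode
rem %1 = productState as a decimal number, e.g. 397568 (bytes 6/17/0).
set "FOUND=1"
set /a "STATE=%~1, B1=(STATE>>16)&0xFF, B2=(STATE>>8)&0xFF, B3=STATE&0xFF"
rem Middle byte, bit 0x10 set: real-time protection reported as on.
rem Low byte, bit 0x10 set: definitions reported as out of date.
set /a "ON=B2&0x10, STALE=B3&0x10"
set "RT=DISABLED"
if %ON% neq 0 set "RT=ENABLED"
set "SIG=up to date"
if %STALE% neq 0 set "SIG=OUT OF DATE"
echo !NAME!: real-time protection %RT%, definitions %SIG% [productState=%STATE% bytes=%B1%/%B2%/%B3%]
exit /b 0
```

The raw bytes are printed alongside the decoded result so that a product which sets the bits differently can be spotted and compared against what its own UI reports.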

The source script can be found on my google sites 'scratchpad' website here.

You can download the .cmd file here.

Admin access rights may be required to run it. It probably won't work on Servers though (and wmic is supposed to be deprecated).

If you try it, please send me your results.
