通过脚本更新Microsoft安全要点的最后定义的时间戳

Question

有什么方法可以通过VBScript或Powershell来检查吗？我简要介绍了SecurityCenter和SecurityCenter2 WMI类，但它们都没有特别有用。看起来最简单的方法是确定的值productState通过WMI中的后者获得一些消息，这意味着AV认为它是可以的。还有其他的想法吗？

Answer 1

您可能需要根据已安装的版本更改FCS_REGKEY_ROOT。这适用于最近的版本。从这里拉出来的。

Option Explicit
const FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"

Dim SCAN_KEY, SIGNATUREUPDATES_KEY
Dim AV_VERSION_VALUE, AS_VERSION_VALUE, ENGINE_VERSION_VALUE, AV_DATE, AS_DATE
Dim LAST_SCAN_TIME, LAST_SCAN_TYPE, INSTALL_PATH_VALUE
SCAN_KEY=FCS_REGKEY_ROOT & "\Scan"
SIGNATUREUPDATES_KEY = FCS_REGKEY_ROOT & "\Signature Updates"
INSTALL_PATH_VALUE= FCS_REGKEY_ROOT & "\InstallLocation"
AV_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\AVSignatureVersion"
AS_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\ASSignatureVersion"
ENGINE_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\EngineVersion"
AV_DATE= SIGNATUREUPDATES_KEY &"\AVSignatureApplied"
AS_DATE= SIGNATUREUPDATES_KEY &"\ASSignatureApplied"
LAST_SCAN_TIME= SCAN_KEY & "\LastScanRun"
LAST_SCAN_TYPE= SCAN_KEY & "\LastScanType"



'************ MAIN ************
Dim AV_Version, AS_Version, EngineVersion, ProductVersion
Dim AV_BuildDate, AS_BuildDate, LastScanTime, LastScanType
Dim objShell
set objShell      = CreateObject("WScript.Shell")


'============ Get current info ============
AV_Version = objShell.RegRead(AV_VERSION_VALUE)
AS_Version = objShell.RegRead(AS_VERSION_VALUE)
EngineVersion = objShell.RegRead(ENGINE_VERSION_VALUE)
AV_BuildDate = BinaryToDate( objShell.RegRead(AV_DATE) )
AS_BuildDate = BinaryToDate( objShell.RegRead(AS_DATE) )
ProductVersion = GetProductVersion(INSTALL_PATH_VALUE)
LastScanTime = BinaryToDate( objShell.RegRead(LAST_SCAN_TIME) )
LastScanType = GetScanType( objShell.RegRead(LAST_SCAN_TYPE) )

'============  Display summary info ============
WScript.echo "Microsoft Forefront Client Security version:  " & ProductVersion
WScript.echo "Engine version:  " & EngineVersion
WScript.echo "Antivirus Definition:  Version " & AV_Version & " created on " & AV_BuildDate
WScript.echo "Antispyware Definition:  Version " & AS_Version & " created on " & AS_BuildDate
WScript.echo "Last scan:  " & LastScanTime & " (" & LastScanType & ")"

'************ END MAIN ************


'===============================================================
'Function BinaryToDate will covert a binary DATE_TIME structure into a Variant date set to the local time
'  Parameter: bArray - a VARIANT array of bytes
'  Return: a VARIANT date
Function BinaryToDate(bArray)
dim Seconds,Days,dateTime
Set dateTime = CreateObject("WbemScripting.SWbemDateTime")
 Seconds       = bArray(7)*(2^56) + bArray(6)*(2^48) + bArray(5)*(2^40) + bArray(4)*(2^32) _
                     + bArray(3)*(2^24) + bArray(2)*(2^16) + bArray(1)*(2^8) + bArray(0)
 Days            = Seconds/(1E7*86400)
 dateTime.SetVarDate   CDate(DateSerial(1601, 1, 1) + Days ), false
 BinaryToDate = dateTime.GetVarDate ()
End Function

'===============================================================
'Function GetProductVersion will query a registry key for the file location and then return the version from the filesystem
'  Parameter: strRegPath - path to the registry pointing to the installation location
'  Return: a VARIANT string containing the product version
Function GetProductVersion(regPath)
 const FILE_TO_CHECK = "\msmpeng.exe"
 dim strFilePath, objFSO
 strFilePath = objShell.RegRead(regPath) & FILE_TO_CHECK
 Set objFSO = CreateObject("Scripting.FileSystemObject")
 GetProductVersion = objFSO.GetFileVersion(strFilePath)
 Set objFSO = Nothing
End Function

'===============================================================
'Function GetScanType will return a string with the scan type that corresponds to the enum
'  Parameter: iScanType - type of scan
'  Return: a VARIANT string containing text type of scan
Function GetScanType(iScanType)
 Select case(iScanType)
   Case 1 : GetScanType= "Quick Scan"
   Case 2 : GetScanType= "Full Scan"
   Case Else GetScanType= "Invalid Scan type"
 End Select
End Function

C:>cscript forefrontstatus.vbs

Microsoft前沿客户端安全版本: 3.0.8107.0

引擎版本: 1.1.6502.0

反病毒定义:2011年2月2日创建1.97.905.0版6:10:51 AM

反间谍软件定义:2011年2月2日创建1.97.905.0版6:10:51 AM

最后扫描: 2/2/2011 2:26:34 AM (快速扫描)