Windows-7

通過腳本對 Microsoft Security Essentials 進行上次定義更新的時間戳

  • November 13, 2013

有沒有辦法通過 VBScript 或 Powershell 來檢查這個?我已經簡要地查看了SecurityCenterSecurityCenter2WMI 類,但它們看起來都不是特別有用。似乎最簡單的方法是通過 WMI 中的後者確定什麼值,productState以獲取一些意味著 AV 認為沒問題的消息。 還有其他想法嗎?

您可能需要根據已安裝的版本更改 FCS_REGKEY_ROOT。這適用於最新版本。從這里拉出來的。

Option Explicit
const FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"

Dim SCAN_KEY, SIGNATUREUPDATES_KEY
Dim AV_VERSION_VALUE, AS_VERSION_VALUE, ENGINE_VERSION_VALUE, AV_DATE, AS_DATE
Dim LAST_SCAN_TIME, LAST_SCAN_TYPE, INSTALL_PATH_VALUE
SCAN_KEY=FCS_REGKEY_ROOT & "\Scan"
SIGNATUREUPDATES_KEY = FCS_REGKEY_ROOT & "\Signature Updates"
INSTALL_PATH_VALUE= FCS_REGKEY_ROOT & "\InstallLocation"
AV_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\AVSignatureVersion"
AS_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\ASSignatureVersion"
ENGINE_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\EngineVersion"
AV_DATE= SIGNATUREUPDATES_KEY &"\AVSignatureApplied"
AS_DATE= SIGNATUREUPDATES_KEY &"\ASSignatureApplied"
LAST_SCAN_TIME= SCAN_KEY & "\LastScanRun"
LAST_SCAN_TYPE= SCAN_KEY & "\LastScanType"



'************ MAIN ************
Dim AV_Version, AS_Version, EngineVersion, ProductVersion
Dim AV_BuildDate, AS_BuildDate, LastScanTime, LastScanType
Dim objShell
set objShell      = CreateObject("WScript.Shell")


'============ Get current info ============
AV_Version = objShell.RegRead(AV_VERSION_VALUE)
AS_Version = objShell.RegRead(AS_VERSION_VALUE)
EngineVersion = objShell.RegRead(ENGINE_VERSION_VALUE)
AV_BuildDate = BinaryToDate( objShell.RegRead(AV_DATE) )
AS_BuildDate = BinaryToDate( objShell.RegRead(AS_DATE) )
ProductVersion = GetProductVersion(INSTALL_PATH_VALUE)
LastScanTime = BinaryToDate( objShell.RegRead(LAST_SCAN_TIME) )
LastScanType = GetScanType( objShell.RegRead(LAST_SCAN_TYPE) )

'============  Display summary info ============
WScript.echo "Microsoft Forefront Client Security version:  " & ProductVersion
WScript.echo "Engine version:  " & EngineVersion
WScript.echo "Antivirus Definition:  Version " & AV_Version & " created on " & AV_BuildDate
WScript.echo "Antispyware Definition:  Version " & AS_Version & " created on " & AS_BuildDate
WScript.echo "Last scan:  " & LastScanTime & " (" & LastScanType & ")"

'************ END MAIN ************


'===============================================================
'Function BinaryToDate will covert a binary DATE_TIME structure into a Variant date set to the local time
'  Parameter: bArray - a VARIANT array of bytes
'  Return: a VARIANT date
Function BinaryToDate(bArray)
dim Seconds,Days,dateTime
Set dateTime = CreateObject("WbemScripting.SWbemDateTime")
Seconds       = bArray(7)*(2^56) + bArray(6)*(2^48) + bArray(5)*(2^40) + bArray(4)*(2^32) _
                    + bArray(3)*(2^24) + bArray(2)*(2^16) + bArray(1)*(2^8) + bArray(0)
Days            = Seconds/(1E7*86400)
dateTime.SetVarDate   CDate(DateSerial(1601, 1, 1) + Days ), false
BinaryToDate = dateTime.GetVarDate ()
End Function

'===============================================================
'Function GetProductVersion will query a registry key for the file location and then return the version from the filesystem
'  Parameter: strRegPath - path to the registry pointing to the installation location
'  Return: a VARIANT string containing the product version
Function GetProductVersion(regPath)
const FILE_TO_CHECK = "\msmpeng.exe"
dim strFilePath, objFSO
strFilePath = objShell.RegRead(regPath) & FILE_TO_CHECK
Set objFSO = CreateObject("Scripting.FileSystemObject")
GetProductVersion = objFSO.GetFileVersion(strFilePath)
Set objFSO = Nothing
End Function

'===============================================================
'Function GetScanType will return a string with the scan type that corresponds to the enum
'  Parameter: iScanType - type of scan
'  Return: a VARIANT string containing text type of scan
Function GetScanType(iScanType)
Select case(iScanType)
  Case 1 : GetScanType= "Quick Scan"
  Case 2 : GetScanType= "Full Scan"
  Case Else GetScanType= "Invalid Scan type"
End Select
End Function

C:>cscript frontalstatus.vbs

Microsoft Forefront Client Security 版本:3.0.8107.0

引擎版本:1.1.6502.0

防病毒定義:版本 1.97.905.0 創建於 2011 年 2 月 2 日上午 6:10:51

防間諜軟體定義:版本 1.97.905.0 創建於 2011 年 2 月 6 :10:51 AM

最後一次掃描:2/2/2011 2:26:34 AM(快速掃描)

引用自:https://serverfault.com/questions/230368