WMI wql queries to fetch antivirus information

StackOverflow https://stackoverflow.com/questions/9939648

  •  28-05-2021
  •  | 
  •  

Question

What are the different sql queries which can help in fetching installed antivirus information ? 1 query i know which tells antivirus name ( as shown in the code below ).what are the other information which we can fetch using wql queries?

 string wmipathstr = @"\\" + Environment.MachineName + @"\root\SecurityCenter2";
 Console.WriteLine(Environment.MachineName );

 var searcher = new ManagementObjectSearcher(wmipathstr, "SELECT * FROM AntivirusProduct");

 foreach (var instances in searcher.Get())
 {
   Console.WriteLine(instances.GetPropertyValue("displayName"));
 }
 Console.Read();
Was it helpful?

Solution

This article shows a few more of the fields that should exist:

companyName
displayName
instanceGuid
onAccessScanningEnabled
pathToSignedProductExe
productHasNotifiedUser
productState
productUptoDate
productWantsWscNotifications
versionNumber

I'm guessing productState would be your 'whether it's on or off'.

Update: I believe you can use WscGetSecurityProviderHealth to get whether of not it's on instead, if that's all you're looking for.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top