Embedded Files
Windows cmd script to display AV status
Note: You can use just AntiVirusProduct or Firewallproduct or AntiSpywareProduct.
e.g.
--- COMODO Antivirus ---C:\Program Files\COMODO\COMODO Internet Security\upd7C.tmp
State=401408 (dec) : 06-20-00 (hex)
Type of antivirus : ANTIVIRUS, AUTOUPDATED
Scanning status : ***disabled***
Virus definitions : UP-TO-DATE
--- Windows Defender --
C:\Program Files\Windows Defender\MsMpeng.exe
State=393472 (dec) : 06-01-00 (hex)
Type of antivirus : ANTIVIRUS, AUTOUPDATED
Scanning status : ***disabled***
Virus definitions : UP-TO-DATE
--- COMODO Antivirus ---
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
State=397312 (dec) : 06-10-00 (hex)
Type of antivirus : ANTIVIRUS, AUTOUPDATED
Scanning status : ENABLED
Virus definitions : UP-TO-DATE
--- Malwarebytes ---
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
State=397312 (dec) : 06-10-00 (hex)
Type of antivirus : ANTIVIRUS, AUTOUPDATED
Scanning status : ENABLED
Virus definitions : UP-TO-DATE
--- Windows Defender ---
C:\Program Files\Windows Defender\MsMpeng.exe
State=393472 (dec) : 06-01-00 (hex)
Type of antivirus : ANTIVIRUS, AUTOUPDATED
Scanning status : ***disabled***
Virus definitions : UP-TO-DATE
@echo offREM CheckAv by SSi 2021-07-08echo.SETLOCAL EnableDelayedExpansionwmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get * /value 2> nul|findstr "displayName productState pathToSignedReportingExe" > t.txt 2> nulwmic /namespace:\\root\SecurityCenter2 path FirewallProduct get * /value 2> nul|findstr "displayName productState pathToSignedReportingExe" >> t.txt 2> nulwmic /namespace:\\root\SecurityCenter2 path AntiSpywareProduct get * /value 2> nul|findstr "displayName productState pathToSignedReportingExe" >> t.txt 2> nul
if exist t1.txt del t1.txtfor /f "tokens=2 delims=^=" %%G in (t.txt) do echo %%G>> t1.txtset count=0set File2Read=t1.txtfor /f "tokens=* delims=;#" %%a in ('Type "%File2Read%"') do ( set /a count+=1 set "Line[!count!]=%%a")if exist t.txt del t.txtif exist t1.txt del t1.txtREM Line[1] is name, Line[2] is state number
For /L %%i in (1,3,%count%) do ( set L=!Line[%%i]!REM Remove cr at end of string echo --- !L:~,-1! --- if "%%i"=="1" call :PrintStat !Line[3]! "!Line[2]!" if "%%i"=="4" call :PrintStat !Line[6]! "!Line[5]!" if "%%i"=="7" call :PrintStat !Line[9]! "!Line[8]!" if "%%i"=="10" call :PrintStat !Line[12]! "!Line[11]!" if "%%i"=="13" call :PrintStat !Line[15]! "!Line[14]!" if "%%i"=="16" call :PrintStat !Line[18]! "!Line[17]!" if "%%i"=="19" call :PrintStat !Line[21]! "!Line[20]!" if "%%i"=="22" call :PrintStat !Line[24]! "!Line[23]!" if "%%i"=="25" call :PrintStat !Line[27]! "!Line[26]!" echo.)ENDLOCALgoto :EOF
:PrintStatset L=%~2 & echo !L:~,-1!call cmd /c exit /b %1set "hex=%=exitcode%"set "hex=%hex:~2%"set "byte1=%hex:~0,2%"&set "byte2=%hex:~2,2%"&set "byte3=%hex:~4,2%"echo State=%1 (dec) : %byte1%-%byte2%-%byte3% (hex):: Check byte1:: bit 1 = firewall, 2=autoupdate, 4=AV, 8=antispyware, 10=internet settings, 20=user access control, 40=provider service set "status1=" if "%byte1%"=="00" set "status1=NONE" set /A "A = 0x%byte1% & 0x01 if %A% EQU 1 set "status1= FIREWALL" set /A "A = 0x%byte1% & 0x04 if %A% EQU 4 set "status1=%status1% ANTIVIRUS" set /A "A = 0x%byte1% & 0x08 if %A% EQU 8 set "status1=%status1% ANTISPYWARE" set /A "A = 0x%byte1% & 0x10 if %A% EQU 0x10 set "status1=%status1% INTERNET" set /A "A = 0x%byte1% & 0x20 if %A% EQU 0x20 set "status1=%status1% USER_ACCNT_CTRL" set /A "A = 0x%byte1% & 0x40 if %A% EQU 0x40 set "status1=%status1% SERVICE" set /A "A = 0x%byte1% & 0x02 if %A% EQU 2 set "status1=%status1%, AUTOUPDATED"
set "status2=UNKNOWN" set /A "A = 0x%byte2% & 0x18 if %A% EQU 0 set "status2=***disabled***" if %A% EQU 8 set "status2=***expired***" if %A% EQU 0x10 set "status2=ENABLED" if %A% EQU 0x18 set "status2=***snoozed***"
:: Check byte3 - bit 10h = outdated set "status3=UP-TO-DATE" set /A "A = 0x%byte3% & 0x10 if %A% EQU 0x10 set "status3=OUT-OF-DATE"
echo Type of antivirus :%status1%echo Scanning status : %status2%echo Virus definitions : %status3%goto :EOF
if exist t1.txt del t1.txtfor /f "tokens=2 delims=^=" %%G in (t.txt) do echo %%G>> t1.txtset count=0set File2Read=t1.txtfor /f "tokens=* delims=;#" %%a in ('Type "%File2Read%"') do ( set /a count+=1 set "Line[!count!]=%%a")if exist t.txt del t.txtif exist t1.txt del t1.txtREM Line[1] is name, Line[2] is state number
For /L %%i in (1,3,%count%) do ( set L=!Line[%%i]!REM Remove cr at end of string echo --- !L:~,-1! --- if "%%i"=="1" call :PrintStat !Line[3]! "!Line[2]!" if "%%i"=="4" call :PrintStat !Line[6]! "!Line[5]!" if "%%i"=="7" call :PrintStat !Line[9]! "!Line[8]!" if "%%i"=="10" call :PrintStat !Line[12]! "!Line[11]!" if "%%i"=="13" call :PrintStat !Line[15]! "!Line[14]!" if "%%i"=="16" call :PrintStat !Line[18]! "!Line[17]!" if "%%i"=="19" call :PrintStat !Line[21]! "!Line[20]!" if "%%i"=="22" call :PrintStat !Line[24]! "!Line[23]!" if "%%i"=="25" call :PrintStat !Line[27]! "!Line[26]!" echo.)ENDLOCALgoto :EOF
:PrintStatset L=%~2 & echo !L:~,-1!call cmd /c exit /b %1set "hex=%=exitcode%"set "hex=%hex:~2%"set "byte1=%hex:~0,2%"&set "byte2=%hex:~2,2%"&set "byte3=%hex:~4,2%"echo State=%1 (dec) : %byte1%-%byte2%-%byte3% (hex):: Check byte1:: bit 1 = firewall, 2=autoupdate, 4=AV, 8=antispyware, 10=internet settings, 20=user access control, 40=provider service set "status1=" if "%byte1%"=="00" set "status1=NONE" set /A "A = 0x%byte1% & 0x01 if %A% EQU 1 set "status1= FIREWALL" set /A "A = 0x%byte1% & 0x04 if %A% EQU 4 set "status1=%status1% ANTIVIRUS" set /A "A = 0x%byte1% & 0x08 if %A% EQU 8 set "status1=%status1% ANTISPYWARE" set /A "A = 0x%byte1% & 0x10 if %A% EQU 0x10 set "status1=%status1% INTERNET" set /A "A = 0x%byte1% & 0x20 if %A% EQU 0x20 set "status1=%status1% USER_ACCNT_CTRL" set /A "A = 0x%byte1% & 0x40 if %A% EQU 0x40 set "status1=%status1% SERVICE" set /A "A = 0x%byte1% & 0x02 if %A% EQU 2 set "status1=%status1%, AUTOUPDATED"
set "status2=UNKNOWN" set /A "A = 0x%byte2% & 0x18 if %A% EQU 0 set "status2=***disabled***" if %A% EQU 8 set "status2=***expired***" if %A% EQU 0x10 set "status2=ENABLED" if %A% EQU 0x18 set "status2=***snoozed***"
:: Check byte3 - bit 10h = outdated set "status3=UP-TO-DATE" set /A "A = 0x%byte3% & 0x10 if %A% EQU 0x10 set "status3=OUT-OF-DATE"
echo Type of antivirus :%status1%echo Scanning status : %status2%echo Virus definitions : %status3%goto :EOF
Google Sites
Report abuse