' CheckSecurity.vbs - Security Product Detection ' ' - by Nick @ FoolishIT.com [Foolish IT LLC] ' - Official Download: https://download.foolishit.com/BatchFiles/CheckSecurity.vbs.txt ' ' to test on a remote system, set strComp = TheComputerNameOfTheRemoteSystem ' script will fail if you don't have permission to query the system Dim strComp, iAVCount, iFWCount, iASCount, sAV, sFW, sAS, bXP strComp = "." Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComp & "\root\cimv2") Set colOperatingSystems = objWMIService.ExecQuery ("Select * from Win32_OperatingSystem") For Each objOperatingSystem in colOperatingSystems if instr(objOperatingSystem.Caption, "XP") <> 0 then call XPSub bXP = True else call VistaSub bXP = False end if Next select case iAVCount case 0 sAVMsg = "WARNING - No AntiVirus Product Detected!" & vbnewline & vbnewline case 1 sAVMsg = "AntiVirus Product: " & sAV & vbnewline & vbnewline case else sAVMsg = "WARNING - " & iAVCount & " AntiVirus Products Detected:" & vbnewline & vbtab & sAV & vbnewline & vbnewline end select if bXP = False then select case iASCount case 0 sASMsg = "WARNING - No AntiSpyware Product Detected!" & vbnewline & vbnewline case 1 sASMsg = "AntiSpyware Product: " & sAS & vbnewline & vbnewline case else sASMsg = "WARNING - " & iASCount & " AntiSpyware Products Detected:" & vbnewline & vbtab & sAS & vbnewline & vbnewline end select end if select case iFWCount case 0 sFWMsg = "No 3rd Party Firewall Detected." & vbnewline & vbnewline case 1 sFWMsg = "Firewall Product: " & sFW & vbnewline & vbnewline case else sFWMsg = "WARNING - " & iFWCount & " Firewall Products Detected:" & vbnewline & vbtab & sFW & vbnewline & vbnewline end select Msgbox sAVMsg & sASMsg & sFWMsg, , "Security Product Detection VBS by Foolish IT" Sub VistaSub Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComp & "\root\SecurityCenter2") Set colAVItems = oWMI.ExecQuery("Select * from AntiVirusProduct") For Each objAntiVirusProduct In colAVItems If LenB(objAntiVirusProduct.DisplayName) > 1 Then sAVState = right(hex(objAntiVirusProduct.productstate), 4) if left(sAVState, 1) = "1" then sAVActive = "Enabled" else sAVActive = "Disabled" end if if mid(sAVState, 3, 1) = "0" then sAVCurrent = "Up to Date" else sAVCurrent = "Outdated!" end if if lenb(sAV) < 1 then ' only one here sAV = objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")" iAVCount = 1 else ' multiple products end up here sAV = sAV & vbnewline & vbtab & objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")" iAVCount = iAVCount + 1 End if End if Next Set colASItems = oWMI.ExecQuery("Select * from AntiSpywareProduct") For Each objAntiSpywareProduct In colASItems If LenB(objAntiSpywareProduct.DisplayName) > 1 Then sASState = right(hex(objAntiSpywareProduct.productstate), 4) if left(sASState, 1) = "1" then sASActive = "Enabled" else sASActive = "Disabled" end if if mid(sASState, 3, 1) = "0" then sASCurrent = "Up to Date" else sASCurrent = "Outdated!" end if if lenb(sAS) < 1 then ' only one here sAS = objAntiSpywareProduct.DisplayName & " (" & sASActive & ", " & sASCurrent & ")" iASCount = 1 else ' multiple products end up here sAS = sAS & vbnewline & vbtab & objAntiSpywareProduct.DisplayName & " (" & sASActive & ", " & sASCurrent & ")" iASCount = iASCount + 1 End if End if Next Set colFWItems = oWMI.ExecQuery("Select * from FirewallProduct") For Each objFirewallProduct In colFWItems If LenB(objFirewallProduct.DisplayName) > 1 Then sFWState = right(hex(objFirewallProduct.productstate), 4) if left(sFWState, 1) = "1" then sFWActive = "Enabled" else sFWActive = "Disabled" end if if lenb(sFW) < 1 then ' only one here sFW = objFirewallProduct.DisplayName & " (" & sFWActive & ")" iFWCount = 1 else ' multiple products end up here sFW = sFW & vbnewline & vbtab & objFirewallProduct.DisplayName & " (" & sFWActive & ")" iFWCount = iFWCount + 1 End if End if Next end sub sub XPSub Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComp & "\root\SecurityCenter") Set colAVItems = oWMI.ExecQuery("Select * from AntiVirusProduct") For Each objAntiVirusProduct In colAVItems If LenB(objAntiVirusProduct.DisplayName) > 1 Then if objAntiVirusProduct.onAccessScanningEnabled = True then sAVActive = "Enabled" else sAVActive = "Disabled" end if if objAntiVirusProduct.productUpToDate = true then sAVCurrent = "Up to Date" else sAVCurrent = "Outdated!" end if if lenb(sAV) < 1 then ' only one antivirus here sAV = objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")" iCount = 1 else ' multiple antivirus ends up here sAV = sAV & vbnewline & objAntiVirusProduct.DisplayName & " (" & sAVActive & ", " & sAVCurrent & ")" iCount = iCount + 1 End if End if Next Set colFWItems = oWMI.ExecQuery("Select * from FirewallProduct") For Each objFirewallProduct In colFWItems If LenB(objFirewallProduct.DisplayName) > 1 Then if objFirewallProduct.enabled = True then sFWActive = "Enabled" else sFWActive = "Disabled" end if if lenb(sFW) < 1 then ' only one here sFW = objFirewallProduct.DisplayName & " (" & sFWActive & ")" iFWCount = 1 else ' multiple PRODUCTS end up here sFW = sFW & vbnewline & vbtab & objFirewallProduct.DisplayName & " (" & sFWActive & ")" iFWCount = iFWCount + 1 End if End if Next end sub