First, we need to describe two concepts:
1. Windows Security Center
This concept seems to have started with Vista. It is a comprehensive platform integrating firewalls, system updates, and anti-virus software.
2. Windows Management Instrumentation (WMI)
Windows Management Instrumentation is a core Windows management technology. You can use WMI to manage local and remote computers. WMI provides a continuous and consistent approach to daily management through programming and scripting languages. For example, you can:
• Start a process on a remote computer.
• Set a process to run on a specific date and time.
• Remotely start the computer.
• Obtain the list of installed programs for local or remote computers.
• Query Windows event logs of local or remote computers.
It is like a car dashboard.
To browse WMI on the system, open a command prompt as an administrator and run wbemtest.
If you want to list the anti-virus software on the system from a .NET program, the most convenient way is to query the root\SecurityCenter namespace through WMI.
The code is as follows:
using System;
using System.Management; // add a reference to System.Management

// WMI namespace path on the local machine: \\<machine>\root\SecurityCenter
string strWMIPath = @"\\" + Environment.MachineName + @"\root\SecurityCenter";
try
{
    ManagementObjectSearcher searcher = new ManagementObjectSearcher(strWMIPath, "SELECT * FROM AntivirusProduct");
    ManagementObjectCollection instances = searcher.Get();
    // One instance per anti-virus product registered with Security Center
    foreach (ManagementObject queryObj in instances)
    {
        Console.WriteLine(queryObj["instanceGuid"].ToString());
    }
}
catch (Exception e)
{
    Console.WriteLine(e.Message);
}
However, the following problem can occur in practice:
The anti-virus software has been uninstalled, but the query still returns it.
There may be a variety of reasons, such as a damaged WMI repository, or an anti-virus product that by design does not delete its entry on uninstall (BitDefender appears to behave this way).
The simple fix is to delete the entry manually in wbemtest, but that is not a general solution.
Windows Security Center itself, however, does not make this kind of mistake.
The reason is that Windows Security Center uses a double-layer detection method. One layer is manual detection, and the other layer is WMI. In manual detection mode, Windows Security Center searches for the registry key values and files that a third-party vendor has provided to Microsoft for identification. In WMI mode, the software vendor determines the running status of its own product and reports it to Windows Security Center through a WMI provider.
So we can check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to determine whether the software is actually installed:
// Walks the Uninstall key; each subkey describes one installed program.
public void getInstalledSWList()
{
    Microsoft.Win32.RegistryKey regKey = Microsoft.Win32.Registry.LocalMachine;
    Microsoft.Win32.RegistryKey subKey1 = regKey.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall");
    string[] subKeyNames = subKey1.GetSubKeyNames();
    foreach (string subKeyName in subKeyNames)
    {
        Microsoft.Win32.RegistryKey subKey2 = subKey1.OpenSubKey(subKeyName);
        // Only entries with both DisplayName and DisplayVersion are counted as installed software
        if (ValueNameExists(subKey2.GetValueNames(), "DisplayName") && ValueNameExists(subKey2.GetValueNames(), "DisplayVersion"))
        {
            // Get the installed software list in Windows through subKey2.GetValue("DisplayName").ToString()
        }
        subKey2.Close();
    }
    subKey1.Close();
}

// Case-insensitive check for a value name in a registry key's value list
private bool ValueNameExists(string[] valueNames, string valueName)
{
    foreach (string s in valueNames)
    {
        if (s.ToLower() == valueName.ToLower()) return true;
    }
    return false;
}
In this way, the solution is complete.
WMI functions seem quite powerful.
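The two checks above can be combined so that a WMI entry is reported as stale when no Uninstall entry backs it. The following is an added example, not code from the original post: the class name AvCrossCheck, the substring match between the WMI displayName and the registry DisplayName, and passing the namespace as an argument are assumptions made for illustration. On Vista SP1 and later the AntivirusProduct class is published under root\SecurityCenter2, so pass that namespace there.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Management;   // add a reference to System.Management
using Microsoft.Win32;

static class AvCrossCheck
{
    const string UninstallKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall";

    // DisplayName values from both registry views, so 32-bit products
    // registered under WOW6432Node on 64-bit Windows are included.
    static List<string> InstalledDisplayNames()
    {
        var names = new List<string>();
        foreach (var view in new[] { RegistryView.Registry64, RegistryView.Registry32 })
        using (var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (var uninstall = hklm.OpenSubKey(UninstallKey))
        {
            if (uninstall == null) continue;
            foreach (var sub in uninstall.GetSubKeyNames())
            using (var key = uninstall.OpenSubKey(sub))
            {
                var name = key?.GetValue("DisplayName") as string;
                if (!string.IsNullOrWhiteSpace(name)) names.Add(name);
            }
        }
        return names;
    }

    // Heuristic (assumption): a product counts as installed when some
    // Uninstall DisplayName contains the WMI displayName, ignoring case.
    static bool LooksInstalled(string wmiName, IEnumerable<string> installed) =>
        installed.Any(n => n.IndexOf(wmiName, StringComparison.OrdinalIgnoreCase) >= 0);

    static void Main(string[] args)
    {
        string ns = args.Length > 0 ? args[0] : @"root\SecurityCenter";
        var installed = InstalledDisplayNames();
        using (var searcher = new ManagementObjectSearcher(ns, "SELECT * FROM AntivirusProduct"))
        foreach (ManagementObject av in searcher.Get())
        {
            string name = av["displayName"] as string ?? "";
            string verdict = name.Length > 0 && LooksInstalled(name, installed) ? "installed" : "STALE?";
            Console.WriteLine("{0,-10}{1}  {2}", verdict, av["instanceGuid"], name);
        }
    }
}
```

Entries marked STALE? are candidates for review rather than proof of a leftover registration, since vendors do not always use the same product name in WMI and in the Uninstall key.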