lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: mail at hackingspirits.com (Debasis Mohanty)
Subject: Antivirus listing

There are many ways that you can achieve it. I doubt if there is any single
API (correct me if I am wrong) which can enumerates all the installed AVs.
Most of the cases an AV will prompt you to un-install previously installed
AVs before installing. One such classic example is Symantec and McAfee, both
are mutually exclusive ;). But in your case assuming that you have more than
one AV, there are many ways you can enumerate the list of AVs installed.
Find below various possible ways: 

First you need to create a list of various entries being made by the AV in
the system when they gets installed. i.e. entries in the registry, service
control manager, local folders etc etc... 

Then you can follow either of the below given options - 

1.	Enumerating Services and Searching for those entries
	Use APIs like "OpenSCManager" and "EnumServicesStatus"

2.	Enumerating Registry Keys and searching for those entries
	Look for Installed Avs here "HKLM\Software" . 
	Use APIs like "RegEnumKey"

3.	Enumerating Browser Helper Objects and look for those entries

4.	Enumerating Running Services 
	"EnumWindows" or "Toolhelp32Snapshot"

5. 	Looking for Installed Components and look for those entries
	Use "FindFirstFile" or "FindFile"	

And there are many more like this but all of them are more or less same. It
all depends which one you choose. In my opinion, option 1 and 2 are better
ideas. 

Refer MSDN incase you need to have more ideas about the above APIs. 


Regards, 
Debasis Mohanty
www.hackingspirits.com 
 

-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of weninson r?go
Sent: Friday, February 11, 2005 6:14 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Antivirus listing

Hi,

   Anyone know if there is an API to list the antivirus that are installed
in a windows machine and retrieve if the antivirus is up to date? Or any way
to retrieve these informations, i need to do a program to acomplish these
tasks.
   I've searched all sites but got none yet. Only OPSWAT SDK but it is a
payd SDK.


Thanks in advance

--
DSL Komplett von GMX +++ Superg|nstig und stressfrei einsteigen!
AKTION "Kein Einrichtungspreis" nutzen: http://www.gmx.net/de/go/dsl
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ