Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Antivirus listing

from [Debasis Mohanty] Network Security [Permanent Link]
Subject: RE: Antivirus listing
Date: Sat, 12 Feb 2005 00:09:12 +0530 
There are many ways that you can achieve it. I doubt if there is any single
API (correct me if I am wrong) which can enumerates all the installed AVs.
Most of the cases an AV will prompt you to un-install previously installed
AVs before installing. One such classic example is Symantec and McAfee, both
are mutually exclusive ;). But in your case assuming that you have more than
one AV, there are many ways you can enumerate the list of AVs installed.
Find below various possible ways: 

First you need to create a list of various entries being made by the AV in
the system when they gets installed. i.e. entries in the registry, service
control manager, local folders etc etc... 

Then you can follow either of the below given options - 

1.      Enumerating Services and Searching for those entries
        Use APIs like "OpenSCManager" and "EnumServicesStatus"

2.      Enumerating Registry Keys and searching for those entries
        Look for Installed Avs here "HKLM\Software" . 
        Use APIs like "RegEnumKey"

3.      Enumerating Browser Helper Objects and look for those entries

4.      Enumerating Running Services 
        "EnumWindows" or "Toolhelp32Snapshot"

5.      Looking for Installed Components and look for those entries
        Use "FindFirstFile" or "FindFile"       

And there are many more like this but all of them are more or less same. It
all depends which one you choose. In my opinion, option 1 and 2 are better
ideas. 

Refer MSDN incase you need to have more ideas about the above APIs. 


Regards, 
Debasis Mohanty
www.hackingspirits.com  

-----Original Message-----
From: weninson rêgo [mailto:watchachi@gmx.de] 
Sent: Friday, February 11, 2005 6:14 PM
To: secprog@securityfocus.com
Subject: Antivirus listing

Hi,

   I dont know if this is the right list to send this but.
   Anyone know if there is an API to list the antivirus that are installed
in a windows machine and retrieve if the antivirus is up to date? Or any way
to retrieve these informations, i need to do a program to acomplish these
tasks.
   I've searched all sites but got none yet. Only OPSWAT SDK but it is a
payd SDK.


Thanks in advance

--
Lassen Sie Ihren Gedanken freien Lauf... z.B. per FreeSMS GMX bietet bis zu
100 FreeSMS/Monat: http://www.gmx.net/de/go/mail
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Antivirus listing, Wesley Shields
Next by Date:  Re: Antivirus listing, Slawek
Previous by Thread:  Re: Antivirus listing, Wesley Shields
Next by Thread:  Re: Antivirus listing, Slawek
Indexes:  [Date] [Thread] [Top] [All Lists]