netinvent / windows_tools

Collection of various interfaces for Windows functionality in a Pythonic way
BSD 3-Clause "New" or "Revised" License
63 stars 15 forks

antivirus: defender update and active status #2

Closed sajjadhossanshimanto closed 3 years ago

sajjadhossanshimanto commented 3 years ago

Added antivirus active status and Defender update status determination for WMI "SecurityCenter" query products.

sajjadhossanshimanto commented 3 years ago

```
windows_tools.antivirus.get_installed_antivirus_software()
# now vs previous
now:
[
    {'Definition Status': 'Unknown', 'Real-time Protection': 'Unknown', 'name': 'Windows Defender'},
    {'Definition Status': 'Up to date', 'Real-time Protection': 'Enabled', 'name': 'Avast Antivirus'},
    {'name': 'Avast Premium Security', 'publisher': 'Avast Software', 'version': '21.4.2464'}
]

previous:
[
    {'name': 'Windows Defender'},
    {'name': 'Avast Antivirus'},
    {'name': 'Avast Premium Security', 'publisher': 'Avast Software', 'version': '21.4.2464'}
]
```

sajjadhossanshimanto commented 3 years ago

Sir, in order to use the `securitycenter_get_product_*()` functions we need the status code. But the `get_installed_antivirus_software` function is not producing the status code.

deajan commented 3 years ago

The WMI call `windows_tools.wmi_queries.query_wmi('SELECT * FROM AntivirusProduct', namespace='SecurityCenter')` gives the state. Instead of using your predefined antivirus_state dict, you must use the `securitycenter_get_product_*()` functions to decode the state, because it's more versatile, and is not redundant.

sajjadhossanshimanto commented 3 years ago

Yes sir, I should use `securitycenter_get_product_*()` functions but

codecov[bot] commented 3 years ago

Codecov Report

Merging #2 (58bf4a0) into master (d233f1e) will increase coverage by 0.01%. The diff coverage is 50.00%.

@@            Coverage Diff             @@
##           master       #2      +/-   ##
==========================================
+ Coverage   78.73%   78.74%   +0.01%     
==========================================
  Files          38       38              
  Lines        1754     1755       +1     
==========================================
+ Hits         1381     1382       +1     
  Misses        373      373              

| Impacted Files | Coverage Δ |
|---|---|
| windows_tools/antivirus/__init__.py | 84.74% <50.00%> (+0.26%) :arrow_up: |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update d233f1e...58bf4a0.

deajan commented 3 years ago

Sorry, but I think you misunderstood the way this works. I have added what you are seeking in commit https://github.com/netinvent/windows_tools/commit/634d0f26c698cd5d3bb072e682332f8122128665 but with boolean results instead of strings. Also, there is no need to know any query string nor repeat any operation.

Best regards.

Results now:

```
[
    {'name': 'Windows Defender', 'enabled': False, 'is_up_to_date': True, 'type': 'Windows Defender / Security Essentials'},
    {'name': 'Malwarebytes version 4.4.0.117', 'version': '4.4.0.117', 'publisher': 'Malwarebytes'}
]
```

Results with earlier version:

```
[
    {'name': 'Windows Defender'},
    {'name': 'Malwarebytes version 4.4.0.117', 'version': '4.4.0.117', 'publisher': 'Malwarebytes'}
]
```
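One way to consume the boolean result format shown in the last comment, as an added example that is not code from the windows_tools project: it turns the list into a per-host verdict and treats entries without status fields as unverified rather than healthy. The names `classify` and `audit` and the verdict labels are assumptions made for this illustration; the sample list is constructed from the "Results now" output above.

```python
from typing import Any, Dict, List

# Constructed sample: the "Results now" list quoted in the thread.
# On a Windows host it could be replaced by the return value of
# windows_tools.antivirus.get_installed_antivirus_software().
SAMPLE: List[Dict[str, Any]] = [
    {"name": "Windows Defender", "enabled": False, "is_up_to_date": True,
     "type": "Windows Defender / Security Essentials"},
    {"name": "Malwarebytes version 4.4.0.117", "version": "4.4.0.117",
     "publisher": "Malwarebytes"},
]


def classify(product: Dict[str, Any]) -> str:
    """Return protected / outdated / disabled / unknown for one entry."""
    enabled = product.get("enabled")
    fresh = product.get("is_up_to_date")
    # Only real booleans count. Entries with no status keys, or with
    # string values such as 'Unknown', must not pass as healthy.
    if not isinstance(enabled, bool) or not isinstance(fresh, bool):
        return "unknown"
    if not enabled:
        return "disabled"
    return "protected" if fresh else "outdated"


def audit(products: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Group product names by status and derive one verdict for the host."""
    groups: Dict[str, List[str]] = {
        "protected": [], "outdated": [], "disabled": [], "unknown": []}
    for product in products:
        groups[classify(product)].append(product.get("name", "<unnamed>"))
    if groups["protected"]:
        verdict = "ok"              # at least one engine on and current
    elif groups["outdated"]:
        verdict = "update-needed"   # running, but definitions are stale
    elif groups["unknown"]:
        verdict = "unverified"      # installed, state not reported
    else:
        verdict = "unprotected"     # nothing installed or everything off
    return {"verdict": verdict, **groups}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the sample, Windows Defender is reported as disabled and the Malwarebytes entry carries no status fields, so the host comes out as unverified and would need a separate check of the third-party product.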