HomePage > Scripts > Search Installed Software

Search Installed Software

Tags:  
So I received this question in the mail:

I have a simple query: How can i query for ONLY the antivirus product from windows 2000 clients? Note that I don't want a list of all products. I have used \\root\securitycenter PATH AntivirusProduct to query for XP upwards, but cannot do for 2k. 

I wrote an answer that looked a lot like the one below (I've added a few things here on the web page). Having written it, I realize this could be useful for locating any kind of process or installed software, so I thought I'd drop it into the wiki.

You’re right, you can’t query securitycenter for W2000 (it didn’t exist!). And I can’t think of any other WMI query that is specific to antimalware products. So I guess one approach would be a vbscript which looks for certain strings in installed product names, like so: 
Option Explicit
Dim strComputer, oWMIquery, colWMIResult, oWMIitem
strComputer = "."
Set oWMIquery = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colWMIResult = oWMIquery.InstancesOf("Win32_Product")
For Each oWMIitem in colWMIResult
  If InStr(oWMIitem.Name, "AntiVirus") > 0 Then Wscript.Echo oWMIitem.Name & " " & oWMIitem.Version
  If InStr(oWMIitem.Name, "AntiMalware") > 0 Then Wscript.Echo oWMIitem.Name & " " & oWMIitem.Version
  If InStr(oWMIitem.Name, "TrendMicro") > 0 Then Wscript.Echo oWMIitem.Name & " " & oWMIitem.Version
Next
Between the FOR and NEXT statements you could put in as many strings to match as you like, one per line. Just change the part in the quotes. Here I illustrate three possible strings, “AntiVirus”, “AntiMalware”, and “TrendMicro”. If you need to see a list of installed products, just remove all of the italicised text in the above script.

Also strComputer can be changed to whatever the name of the target computer is. The “.” as shown will query the local computer.

It would be possible to write a query for certain strings with WQL (and yes those do work within WMIC), but it is a bit of a pain, especially if you have to search for multiple strings; vbscript is a bit easier for tasks like this.

Note that the above query would only return a list of installed antivirus products that had those strings in their names. What if you wanted to check whether or not those AV products were actually running? After all, an installed program may not be running, and vice-versa. It would be almost the same script, just querying a different WMI object:
Option Explicit
Dim strComputer, oWMIquery, colWMIResult, oWMIitem
strComputer = "."
Set oWMIquery = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colWMIResult = oWMIquery.InstancesOf("Win32_Process")
For Each oWMIitem in colWMIResult
  If InStr(oWMIitem.Name, "someAVprogram.exe") > 0 Then Wscript.Echo oWMIitem.Name 
Next
Since this query returns only the .exe name of the running processes, you’d have to know that (rather than its longer product name) to query for it within the For-Next loop. If you need to see all of the processes running, just remove the italicised text.

I kind of enjoy questions like this. Feel free to send in your own - just click the 'quux' link below.


0 Comments  Show recent to old
Post a comment

 RSS of this page