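/// <summary>
/// Reports whether a Symantec Endpoint Protection definition file (definfo.dat) exists.
/// </summary>
/// <remarks>
/// Starts from a hard-coded default location. When SYMANTEC_SEP_PATH.txt can be read, the
/// last non-blank line of that file, with "\definfo.dat" appended, replaces the default.
/// The resolved location is left in definfo_path as a side effect.
/// </remarks>
/// <returns>true when a file exists at the resolved path; otherwise false.</returns>
public bool check_symantec_av_exist()
{
    definfo_path = @"C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\definfo.dat";

    try
    {
        // NOTE(review): the override file is looked up relative to the process working
        // directory, so whoever can write there decides which file this check inspects.
        // Consider resolving it against the install directory instead.
        string[] lines = System.IO.File.ReadAllLines(@".\\SYMANTEC_SEP_PATH.txt");
        foreach (string line in lines)
        {
            string candidate = line.Trim();

            // A blank or trailing empty line used to overwrite a valid entry with
            // "\definfo.dat"; skip such lines so the last real entry wins.
            if (candidate.Length == 0)
            {
                continue;
            }

            definfo_path = candidate + "\\definfo.dat";
        }
    }
    catch (Exception e)
    {
        // Best effort: any failure to read the override keeps the default path.
        Log_Writter.write_to_log_AVdebug("SYMANTEC_SEP_PATH.txt is not find, using the default path C:\\ProgramData\\Symantec\\Symantec Endpoint Protection\\12.1.2015.2015.105\\Data\\Definitions\\VirusDefs\\definfo.dat. More Error info : " + e.ToString());
    }

    return File.Exists(definfo_path);
}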
/// <summary>
/// Returns what getHighestVersion reports for NetFrameworkInstallationPath.
/// </summary>
/// <returns>
/// The value from getHighestVersion, or -1 when the lookup raises a SecurityException.
/// </returns>
public int FrameworkVersion()
{
    int highest;

    try
    {
        highest = getHighestVersion(NetFrameworkInstallationPath);
    }
    catch (SecurityException securityError)
    {
        // Only SecurityException is handled here; any other exception reaches the caller.
        log_Writter.write_to_log_AVdebug("Unable to allocated the .Net Framework Version, the program might not work properly " + securityError.ToString());
        highest = -1;
    }

    return highest;
}
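/// <summary>
/// Decides whether the anti-spyware signature timestamp held in
/// ASSignatureApplied_regkey_value is at least <paramref name="day_difference"/> days old.
/// </summary>
/// <remarks>
/// The value is decoded as an 8-byte little-endian count of 100 ns ticks since 1601-01-01
/// (Windows FILETIME, which is UTC) and compared against the current UTC time. The earlier
/// comparison against local time shifted the day boundary by the machine's UTC offset.
/// </remarks>
/// <param name="day_difference">Age in whole days at which the signatures count as stale.</param>
/// <returns>
/// true when the install-location key exists but no signature value was read, or when the
/// decoded timestamp is at least <paramref name="day_difference"/> days old; otherwise false.
/// </returns>
public bool aS_Definition_is_OutOfDate(int day_difference)
{
    // Product appears installed (install-location key present) but no signature timestamp
    // was read: report as out of date.
    if (retrive_InstallLocation_Key() != null && ASSignatureApplied_regkey_value == null)
    {
        return true;
    }

    if (ASSignatureApplied_regkey_value == null)
    {
        if (debug_switch == 1)
        {
            log_Writter.write_to_log_AVdebug("The ReKey for Microsoft FCS malware doesnt exits, error info, Please manully check the regKey");
        }

        return false;
    }

    try
    {
        byte[] bytes = (byte[])ASSignatureApplied_regkey_value;

        // Assemble the little-endian 64-bit tick count with shifts; a value shorter than
        // eight bytes throws here and is handled by the catch below.
        long fileTime = 0;
        for (int i = 7; i >= 0; i--)
        {
            fileTime = (fileTime << 8) | bytes[i];
        }

        DateTime appliedUtc = DateTime.FromFileTimeUtc(fileTime);
        return (DateTime.UtcNow - appliedUtc).Days >= day_difference;
    }
    catch (Exception e)
    {
        // NOTE(review): a malformed value yields "not out of date", and the failure is
        // only logged when debug_switch == 1. For a compliance check this fails open;
        // confirm callers do not read false as "signatures are current".
        if (debug_switch == 1)
        {
            log_Writter.write_to_log_AVdebug("There is something wrong with regKey for microsoft FCS malware, error info " + e.ToString());
        }

        return false;
    }
}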
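/// <summary>
/// Creates the log writer and registry helper, then reads the Sophos "LastUpdateTime" and
/// "Result" registry values into LastUpdateTime and Result.
/// </summary>
public Sophos_AV()
{
    // The logger is created before the try block because the catch handler writes to it.
    // When it was assigned last inside the try, any earlier failure dereferenced a null
    // logger from the handler.
    log_Writter = new Win_Log_Writter();

    try
    {
        key_Handler = new RegKey_Handler();
        LastUpdateTime = key_Handler.Retrive_Sophos_RegKey_REGBINARY("LastUpdateTime");
        Result = key_Handler.Retrive_Sophos_RegKey_REGBINARY("Result");
    }
    catch (Exception e)
    {
        // NOTE(review): the message names "MS SEP" although this is the Sophos
        // constructor; it looks copied from a sibling class. Left unchanged in case log
        // consumers match on it.
        log_Writter.write_to_log_AVdebug("Unable to retrive the regkey, the Program for MS SEP might not work properly " + e.ToString());
    }
}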
/// <summary>
/// Sets up logging and the registry helper, then caches the "AVSignatureApplied" and
/// "ASSignatureApplied" registry values for later freshness checks.
/// </summary>
public MS_FEP2010()
{
    // Logger first, so the handler below always has somewhere to write.
    log_Writter = new Win_Log_Writter();

    try
    {
        key_Handler = new RegKey_Handler();

        // Anti-virus signature value, then anti-spyware signature value.
        AVSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("AVSignatureApplied");
        ASSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("ASSignatureApplied");
    }
    catch (Exception readFailure)
    {
        // Construction still completes; the cached values keep whatever was assigned
        // before the failure.
        string detail = readFailure.ToString();
        log_Writter.write_to_log_AVdebug("Error reading the registry key: " + detail);
    }
}
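/// <summary>
/// Stores the debug switch, creates the log writer and registry helper, and caches the
/// "AVSignatureApplied" and "ASSignatureApplied" registry values.
/// </summary>
/// <param name="debug">Value copied to debug_switch; other members log only when it is 1.</param>
public MS_SCEP2012(int debug)
{
    debug_switch = debug;

    // The logger is created before the try block because the catch handler writes to it.
    // When it was assigned last inside the try, any earlier failure dereferenced a null
    // logger from the handler.
    log_Writter = new Win_Log_Writter();

    try
    {
        key_Handler = new RegKey_Handler();
        AVSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("AVSignatureApplied");
        ASSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("ASSignatureApplied");
    }
    catch (Exception e)
    {
        log_Writter.write_to_log_AVdebug("Unable to retrive the regkey, the Program for MS SEP might not work properly " + e.ToString());
    }
}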
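/// <summary>
/// Decides whether the timestamp in LastUpdateTime is at least
/// <paramref name="day_difference"/> days before the current local time.
/// </summary>
/// <param name="day_difference">Age in whole days at which the definitions count as stale.</param>
/// <returns>
/// true when the converted timestamp is at least <paramref name="day_difference"/> days
/// old; false when it is newer or when the value cannot be converted.
/// </returns>
public bool aV_Definition_is_OutOfDate(int day_difference)
{
    try
    {
        // The conversion is the step that can actually throw (a registry value that is
        // not numeric), so it now sits inside the try; it used to run before it and
        // escaped the handler.
        // presumably LastUpdateTime holds Unix seconds — confirm against UnixTimeStampToDateTime
        DateTime unix_date = UnixTimeStampToDateTime(Convert.ToDouble(LastUpdateTime));

        return (DateTime.Now - unix_date).Days >= day_difference;
    }
    catch (Exception e)
    {
        // NOTE(review): an unreadable timestamp is reported as "not out of date", which
        // fails open for a compliance check; confirm callers treat the logged error as a
        // finding.
        log_Writter.write_to_log_AVdebug("There is something wrong with regKey for microsoft Anti-virus, error info " + e.ToString());
        return false;
    }
}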
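/// <summary>
/// Queries WMI (Win32_ComputerSystem in ROOT\cimv2 on the local machine) and stores the
/// "systemtype" property of the last returned object in OS_System_Type.
/// </summary>
/// <remarks>
/// Despite its name, the method records the system type reported by WMI rather than an
/// operating-system version. Failures are logged and otherwise ignored, which leaves
/// OS_System_Type unchanged.
/// </remarks>
public void Check_the_OS_Version()
{
    try
    {
        ManagementScope scope = new ManagementScope("\\\\.\\ROOT\\cimv2");
        ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_ComputerSystem");

        // The searcher and the result collection are disposable; release them
        // deterministically instead of leaving them to the finalizer.
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
        using (ManagementObjectCollection queryCollection = searcher.Get())
        {
            foreach (ManagementObject m in queryCollection)
            {
                // Keep the last object in the mo field, as before.
                mo = m;
            }
        }

        // If the query returned nothing, mo keeps its earlier value; a null mo throws
        // here and is logged below.
        OS_System_Type = mo["systemtype"].ToString();
    }
    catch (Exception e)
    {
        Win_Log_Writter Log_Writter = new Win_Log_Writter();
        Log_Writter.write_to_log_AVdebug("Error to check the OS Version " + e.ToString());
    }
}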
/// <summary>
/// Reads one value from HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates.
/// </summary>
/// <remarks>
/// Before reading, the native handle of the opened key is taken from RegistryKey's
/// non-public "hkey" field via reflection and passed to RegDisableReflectionKey. The
/// opened key and the value read are also stored in the key and value1 fields.
/// </remarks>
/// <param name="key_name">Name of the registry value to read.</param>
/// <returns>The value returned by GetValue, or null when any step throws.</returns>
public object Retrive_FEP_RegKey_REGBINARY(string key_name)
{
    try
    {
        key = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Microsoft Antimalware\\Signature Updates\\");

        // NOTE(review): this depends on a private field name inside RegistryKey. If the
        // runtime names it differently, GetField returns null and the read ends in the
        // catch below.
        FieldInfo handleField = typeof(RegistryKey).GetField("hkey", BindingFlags.Instance | BindingFlags.NonPublic);
        SafeHandle keyHandle = (SafeHandle)handleField.GetValue(key);
        IntPtr rawHandle = keyHandle.DangerousGetHandle();

        // The return code is not inspected, matching the earlier behaviour.
        RegDisableReflectionKey(rawHandle);

        value1 = key.GetValue(key_name);
        return value1;
    }
    catch (Exception)
    {
        // NOTE(review): every failure (missing key, access denied, reflection failure)
        // gives the same message and a null result, so callers cannot tell "product not
        // installed" from "could not read".
        Log_Writter.write_to_log_AVdebug("Registery Read failed for Microsoft End Point Protection, if this software is not installed, you can safely ignore this message");
        return null;
    }
}
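/// <summary>
/// Decides whether the Symantec definitions described by definfo.dat are at least
/// <paramref name="day_difference"/> days old.
/// </summary>
/// <remarks>
/// Only the second line of the file is used. Characters 8-11, 12-13 and 14-15 of that line
/// are read as year, month and day, and characters 17-19 as the revision. The parsed pieces
/// are kept in the curDefs* fields and the date in dt.
/// </remarks>
/// <param name="day_difference">Age in days at which the definitions count as stale.</param>
/// <returns>
/// true when the definition date is at least <paramref name="day_difference"/> days before
/// now; false when it is newer, or when the file is missing, unreadable or malformed.
/// </returns>
public bool aV_Definition_is_OutOfDate(int day_difference)
{
    if (!check_symantec_av_exist())
    {
        Log_Writter.write_to_log_AVdebug("The definfo.dat file does not exists, please check the installation of Symantec Anti-virus");
        return false;
    }

    string secondLine;
    try
    {
        using (StreamReader sr = new StreamReader(definfo_path))
        {
            // Read only the two lines that are needed. The earlier fixed three-slot
            // buffer overflowed on any file longer than three lines.
            sr.ReadLine();
            secondLine = sr.ReadLine();
        }
    }
    catch (Exception e)
    {
        Log_Writter.write_to_log_AVdebug("definfo.dat File is not in correct format please check or doest exists" + e.ToString());
        return false;
    }

    curDefs = secondLine;
    if (curDefs == null)
    {
        // File has fewer than two lines.
        return false;
    }

    try
    {
        // Slicing happens inside the try, so a line shorter than expected is logged and
        // handled instead of throwing out of the method.
        curDefs_year = curDefs.Substring(8, 4);
        curDefs_month = curDefs.Substring(12, 2);
        curDefs_day = curDefs.Substring(14, 2);
        curDefs_rev = curDefs.Substring(17, 3);

        curDefs_year_int = Convert.ToInt32(curDefs_year);
        curDefs_month_int = Convert.ToInt32(curDefs_month);
        curDefs_day_int = Convert.ToInt32(curDefs_day);

        dt = new DateTime(curDefs_year_int, curDefs_month_int, curDefs_day_int);

        if ((DateTime.Now - dt).TotalDays >= day_difference)
        {
            Log_Writter.write_to_log_Error("Anti-virus definition is more than " + day_difference + " days old, please contact administrator to review the anti-virus definitions");
            return true;
        }

        Log_Writter.write_to_log_info("Anti-virus definition is less than " + day_difference + " days old, No Action is required ");
        return false;
    }
    catch (Exception e)
    {
        // NOTE(review): a malformed definfo.dat is reported as "not out of date", which
        // fails open for a compliance check; confirm callers act on the logged error.
        Log_Writter.write_to_log_AVdebug("Script is not working with following error : " + e.ToString());
        return false;
    }
}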