Discussion:
Security Center WMI data provider
Jeremy Drake
2009-05-07 21:34:01 UTC
I'm working on an AV and firewall product, and am looking for information
about the new reporting mechanism for the security center (now "Action
Center") in Windows 7. The RC says that my antivirus product is on "but is
reporting its status to Windows Security Center in a format that is no longer
supported." I am looking for any information about how to provide the
information in a supported manner.

The closest thing I found online is a mention that Vista SP1 added a new
root\SecurityCenter2 namespace
(http://social.technet.microsoft.com/Forums/en-US/Forefrontclientgeneral/thread/80527cd5-5acd-414e-96fd-a21578b362a2).
I have attempted to use the wbemtest tool to create an instance of
AntiVirusProduct and FirewallProduct in that namespace, but the security
center does not show any information from them, and the instances go away if
I exit and restart the wbemtest tool.

I am guessing the specific information I need is documentation of the
pathToSignedReportingExe and productState properties. For the Windows
Defender instance, these are %SystemRoot%\System32\svchost.exe and 0x41100
(also seen 0x61100) respectively.

BTW, I had some difficulties trying to get to the managed newsgroups
configuration site to set up an alias, but the error page told me I could use
this alias temporarily. I used the support form to report the error, but I
want to make sure it is known that I am a subscriber, because Google has
turned up questions similar to this online that went unanswered during the
XPSP2 and Vista development of data providers.

Thanks,
Jeremy
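
An added example, not part of the original posts: one way to inspect what is currently registered in the root\SecurityCenter2 namespace mentioned above and to check the Authenticode signature of each product's pathToSignedReportingExe. It assumes PowerShell 3.0 or later (for Get-CimInstance); the function names are hypothetical, and productState is only shown in hex and diffed, not interpreted, because the thread gives no documentation for its layout.

```powershell
# Added example: inventory Security Center registrations and verify the
# signature of the executable each product names as its reporting binary.
$classes = 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct'

function Get-SecurityCenterProduct {
    foreach ($class in $classes) {
        # A class may be missing on some Windows builds; skip it quietly.
        $items = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                     -ClassName $class -ErrorAction SilentlyContinue
        foreach ($item in $items) {
            # Values such as %SystemRoot%\System32\svchost.exe need expanding.
            $exe = [Environment]::ExpandEnvironmentVariables(
                       [string]$item.pathToSignedReportingExe)
            $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else {
                'FileNotFound'
            }
            [pscustomobject]@{
                Class        = $class
                Name         = $item.displayName
                ProductState = '0x{0:X6}' -f [uint32]$item.productState
                ReportingExe = $exe
                Signature    = $sig
            }
        }
    }
}

function Compare-ProductState {
    param([uint32]$First, [uint32]$Second)
    # XOR isolates the bits that differ between two observed states,
    # without claiming what those bits mean.
    '0x{0:X6}' -f ($First -bxor $Second)
}

Get-SecurityCenterProduct | Format-Table -AutoSize

# The two Windows Defender values quoted in the post above.
Compare-ProductState -First 0x41100 -Second 0x61100
```

A registration whose reporting executable is missing or whose signature status is anything other than Valid is worth a closer look when auditing which products a machine claims to be protected by.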
Jialiang Ge [MSFT]
2009-05-08 03:25:33 UTC
Hello Jeremy

According to the issue description, you are requesting the details about
how to get an AV product to report its status to Windows Security Center. As
far as I know, Microsoft distributes guidance about how applications from
ISVs can report status to Windows Security Center under a nondisclosure
agreement (NDA). To request details about how to participate in this ISV
program, you would need to send an email to ***@microsoft.com. The
guidance will be available for the Microsoft Windows XP SP2 or Microsoft
Windows Vista operating system. Please also try this mail address to
request the info about the change in Win7.

===============
Relevant KB article:
===============
Frequently asked questions about Windows Security Center
http://support.microsoft.com/kb/883792

<quote>
Q: How does Windows Security Center detect third-party products and their
status?
A: In Windows XP SP2 and in later versions, Windows Security Center uses a
two-tiered approach for detection status. One tier is manual, and the other
tier is automatic through Windows Management Instrumentation (WMI). In
manual detection mode, Windows Security Center searches for registry keys
and files that are provided to Microsoft by independent software
manufacturers. These registry keys and files let Windows Security Center
detect the status of independent software. In WMI mode, software
manufacturers determine their own product status and report that status
back to Windows Security Center through a WMI provider. In both modes,
Windows Security Center tries to determine whether the following is true:
- An antivirus program is present.
- The antivirus signatures are up to date.
- Real-time scanning or on-access scanning is turned on for antivirus
  programs.

For firewalls, Windows Security Center detects whether a third-party
firewall is installed and whether the firewall is turned on or not.

In Windows Vista, Windows Security Center no longer uses the manual
detection mode. All third-party products report their states into WMI. In
addition, in Windows Vista Windows Security Center also determines whether
the following is true:
- An antispyware program is present.
- The antispyware signatures are up to date.
</quote>

Regards,
Jialiang Ge (***@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

This posting is provided "AS IS" with no warranties, and confers no rights.