https://support.moonpoint.com/os/windows/commands/wmic/determine-antivirus.php
From above I got
C:\>wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get * /value
Which seems to detect when 360 Total Security if on/off:
- When 360 is off,
productState=335872
displayName=Windows Defender
instanceGuid={D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe=windowsdefender://
pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
productState=393472
timestamp=Mon, 09 May 2022 04:41:04 GMT
displayName=360 Total Security
instanceGuid={FFDC234A-CE9B-08F9-406B-F876951CE066}
pathToSignedProductExe=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
pathToSignedReportingExe=C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe
productState=335872
timestamp=Thu, 19 May 2022 15:00:35 GMT
- When 360 is on,
productState=331776
displayName=Windows Defender
instanceGuid={D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe=windowsdefender://
pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
productState=393472
timestamp=Mon, 09 May 2022 04:41:04 GMT
displayName=360 Total Security
instanceGuid={FFDC234A-CE9B-08F9-406B-F876951CE066}
pathToSignedProductExe=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
pathToSignedReportingExe=C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe
productState=331776
timestamp=Thu, 19 May 2022 15:10:30 GMT
Is this a good approach to check status of 360, and other anti-virus?
Perhaps I should also ask, where can I read more about meaning of productState?
I am planning to use something like this on a QTIFW installer for a Qt5 project on Windows to inform the user anti-virus should be disabled during installation.
The d3dcompiler_47.dll is the file 360 flags.
Another approach might be cited here, which involves playing with
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
