[研究][BAT, PowerShell]顯示Windows Defender版本 (Windows 10、Windows Server 2019)
2024-03-31
Windows 10
C:\>Reg Query "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v EngineVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates EngineVersion REG_SZ 1.1.24020.9 C:\>Reg Query "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v AVSignatureVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates AVSignatureVersion REG_SZ 1.407.837.0 C:\>Reg Query "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v SignaturesLastUpdated HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates SignaturesLastUpdated REG_BINARY 4053753C1483DA01 C:\> |
********************************************************************************
Windows Server 2019
C:\>Reg Query "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v EngineVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates EngineVersion REG_SZ 1.1.24020.9 C:\>Reg Query "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v AVSignatureVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates AVSignatureVersion REG_SZ 1.407.860.0 C:\>Reg Query "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v SignaturesLastUpdated HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates SignaturesLastUpdated REG_BINARY 78BCCB9FC083DA01 C:\> |
Windows Server 2019
C:\>Reg Query "HKLM\SOFTWARE\Microsoft\Windows Defender" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender ProductAppDataPath REG_SZ C:\ProgramData\Microsoft\Windows Defender ProductLocalizedName REG_EXPAND_SZ @%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 ProductType REG_DWORD 0x2 InstallTime REG_BINARY 76AD4B991B87D601 InstallLocation REG_SZ C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\ ProductStatus REG_DWORD 0x0 OOBEInstallTime REG_BINARY CB846CC81B87D601 ManagedDefenderProductType REG_DWORD 0x0 DisableAntiSpyware REG_DWORD 0x0 DisableAntiVirus REG_DWORD 0x0 BackupLocation REG_SZ C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0 HybridModeEnabled REG_DWORD 0x0 VerifiedAndReputableTrustModeEnabled REG_DWORD 0x0 RpcServerUseEndpointMapper REG_DWORD 0x0 IsServiceRunning REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\CoreService HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Device Control HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Diagnostics HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DLP Configs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DLP Websites HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Miscellaneous Configuration HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\MpEngine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\MpWatchDog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\NIS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Remediation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Reporting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\UX Configuration HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\WCOS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard C:\> |
Windows Server 2019 PowerShell
Windows PowerShell 著作權 (C) Microsoft Corporation. 著作權所有,並保留一切權利。 PS C:\Users\Administrator> Get-MpComputerStatus AMEngineVersion : 1.1.24020.9 AMProductVersion : 4.18.24020.7 AMRunningMode : Normal AMServiceEnabled : True AMServiceVersion : 4.18.24020.7 AntispywareEnabled : True AntispywareSignatureAge : 0 AntispywareSignatureLastUpdated : 2024/4/1 上午 01:20:29 AntispywareSignatureVersion : 1.407.860.0 AntivirusEnabled : True AntivirusSignatureAge : 0 AntivirusSignatureLastUpdated : 2024/4/1 上午 01:20:28 AntivirusSignatureVersion : 1.407.860.0 BehaviorMonitorEnabled : True ComputerID : C52B17C8-3C04-443F-B2D2-E2B3242BA540 ComputerState : 0 DefenderSignaturesOutOfDate : False DeviceControlDefaultEnforcement : DeviceControlPoliciesLastUpdated : 2023/3/27 上午 08:00:13 DeviceControlState : Disabled FullScanAge : 4294967295 FullScanEndTime : FullScanOverdue : False FullScanRequired : False FullScanSignatureVersion : FullScanStartTime : InitializationProgress : ServiceStartedSuccessfully IoavProtectionEnabled : True IsTamperProtected : False IsVirtualMachine : False LastFullScanSource : 0 LastQuickScanSource : 2 NISEnabled : True NISEngineVersion : 1.1.24020.9 NISSignatureAge : 0 NISSignatureLastUpdated : 2024/4/1 上午 01:20:28 NISSignatureVersion : 1.407.860.0 OnAccessProtectionEnabled : True ProductStatus : 524288 QuickScanAge : 0 QuickScanEndTime : 2024/4/1 上午 06:31:50 QuickScanOverdue : False QuickScanSignatureVersion : 1.407.844.0 QuickScanStartTime : 2024/4/1 上午 05:43:45 RealTimeProtectionEnabled : True RealTimeScanDirection : 0 RebootRequired : False SmartAppControlExpiration : SmartAppControlState : Off TamperProtectionSource : N/A TDTCapable : N/A TDTMode : N/A TDTSiloType : N/A TDTStatus : N/A TDTTelemetry : N/A TroubleShootingDailyMaxQuota : TroubleShootingDailyQuotaLeft : TroubleShootingEndTime : TroubleShootingExpirationLeft : TroubleShootingMode : TroubleShootingModeSource : TroubleShootingQuotaResetTime : TroubleShootingStartTime : PSComputerName : PS C:\Users\Administrator> |
以下是各個參數的縮寫以及它們的意義:
1. AMEngineVersion
縮寫:AM 代表 AntiMalware(反惡意軟件)。
意義:這是 Microsoft Defender 反惡意軟件引擎的版本號,負責惡意軟件偵測和掃描。
2. AMProductVersion
縮寫:AM 代表 AntiMalware(反惡意軟件)。
意義:這是 Microsoft Defender 反惡意軟件產品的版本號,表示產品整體的版本資訊。
3. AMServiceVersion
縮寫:AM 代表 AntiMalware(反惡意軟件)。
意義:這是 Microsoft Defender 反惡意軟件服務的版本號,與產品相關的後台服務元件版本。
4. AntispywareSignatureVersion
縮寫:Antispyware 指的是AntiSpyware(反間諜軟件)。
意義:這是 反間諜軟件簽名檔版本,專門用來偵測和防止間諜軟件。
5. AntivirusSignatureVersion
縮寫:Antivirus 指的是AntiVirus(防毒軟件)。
意義:這是 防毒簽名檔版本,用來偵測和防禦已知的病毒和惡意軟件。
6. FullScanSignatureVersion
縮寫:FullScan 指的是Full Scan(完整掃描)。
意義:這是執行 完整系統掃描時使用的簽名檔版本,針對所有文件進行深入掃描。
7. NISEngineVersion
縮寫:NIS 代表 Network Inspection System(網路檢查系統)。
意義:這是 網路檢查系統引擎的版本號,負責檢測網路層面的惡意攻擊或威脅。
8. NISSignatureVersion
縮寫:NIS 代表 Network Inspection System(網路檢查系統)。
意義:這是 網路檢查系統簽名檔版本,用來偵測和防禦來自網路的威脅。
9. QuickScanSignatureVersion
縮寫:QuickScan 指的是Quick Scan(快速掃描)。
意義:這是執行 快速掃描時使用的簽名檔版本,僅檢查系統中常見的威脅入口(例如記憶體和關鍵系統文件)。
(完)
相關
沒有留言:
張貼留言