From 343e4aa9719377cbf5d0bee822435a6025dec686 Mon Sep 17 00:00:00 2001 From: Cliczone <56260838+Cliczone@users.noreply.github.com> Date: Mon, 28 Dec 2020 15:53:36 +0100 Subject: [PATCH 1/5] Retriving Cylance PROTECT Version --- AV Status/AVStatus.vbs | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/AV Status/AVStatus.vbs b/AV Status/AVStatus.vbs index 4733a7f..e8f2edf 100644 --- a/AV Status/AVStatus.vbs +++ b/AV Status/AVStatus.vbs @@ -51,6 +51,7 @@ Dim strTrendVerLen, InstalledAV1, serviceactive Dim strAvastRegPath32, strAvastInstallPath, strAvastRegPath64 Dim strViprebusinessAgt, strViprebusiness64Agt , strVipreBusinessAgtLoc, strViprebusinessAgt1, strVIPREBusinessOnlineKeyPath Dim strMalwareBytesRegPath64, SCEPInstalled, FoundGUID, StatusCode, StatusText +Dim strCylancestatuspath Dim sMonth, sDay, sYear, sHour, sMinutes, sSeconds, strTMMSARegPath, recentFile, NamespacetoCheck, strTMDSARegPath, fileSystem, folder, file, newestfile, ProgramFiles64, stravg2016defpath, stravg2016regpath, colServices, objService Dim strNormanregpath32, strNormanregpath64, strNormanrootpath, boolNormanversion9, strNormandefpath, strKasperskyStandAlonePath, LastUpdateDate, AVGBusSecDataFolder, arrIniFileLines, ProviderRealTimeScanningEnabled, UserRealTimeScanningDisabled Dim objFileToRead, objFileToWrite, node, UpToDateState, strFortiClientPath, FortiClientInstallPath, objApp, strKasperskyKESServerAVVersionPath, strSophosVirtualAVKeyPath, RawProtectionStatus, strPandaAdaptiveDefencePath64, strPandaAdaptiveDefencePath32 @@ -507,6 +508,7 @@ Sub DetectInstalledAV strFortiClientPath = "SOFTWARE\Fortinet\FortiClient\FA_FMON" strPandaAdaptiveDefencePath64 = "Software\wow6432node\Panda Security\Nano Av\Setup" strPandaAdaptiveDefencePath32 = "Software\Panda Security\Nano Av\Setup" + strCylancestatuspath = ProgramData & "\Cylance\Status" 
@@ -895,10 +897,26 @@ Sub DetectInstalledAV Else OnAccessScanningEnabled = FALSE End If + output.writeline "- Is Real Time Scanning Enabled? " & OnAccessScanningEnabled ProductUpToDate = "TRUE" - FormattedAVVersion = "Unknown" + FormattedAVVersion = "Unknown" + Set objFSO = CreateObject("Scripting.FileSystemObject") + If objFSO.FolderExists(strCylancestatuspath) Then + If objFSO.FileExists(strCylancestatuspath & "\Status.json") Then + Set objFile = objFSO.OpenTextFile(strCylancestatuspath & "\Status.json", 1) + Do Until objFile.AtEndOfStream + strLine = objFile.ReadLine + If InStr(strLine, "version") Then + FormattedAVVersion= left(right(strLine,13),11) + MsgBox FormattedAVVersion + End If + Loop + + objFile.Close + End If + End If '--- Check for AVG Business Security --- ElseIf objFSO.FileExists(ProgramData & "\AVG\Persistent Data\Antivirus\Logs\update.log") Then From 8186c895a1846ee247ae75712997b4412be84789 Mon Sep 17 00:00:00 2001 From: Cliczone <56260838+Cliczone@users.noreply.github.com> Date: Wed, 30 Dec 2020 16:23:15 +0100 Subject: [PATCH 2/5] Removing MsgBox information --- AV Status/AVStatus.vbs | 1 - 1 file changed, 1 deletion(-) diff --git a/AV Status/AVStatus.vbs b/AV Status/AVStatus.vbs index e8f2edf..1d68c8b 100644 --- a/AV Status/AVStatus.vbs +++ b/AV Status/AVStatus.vbs @@ -910,7 +910,6 @@ Sub DetectInstalledAV strLine = objFile.ReadLine If InStr(strLine, "version") Then FormattedAVVersion= left(right(strLine,13),11) - MsgBox FormattedAVVersion End If Loop From 192c63c4a02277de899eee3f90dfee74597781c7 Mon Sep 17 00:00:00 2001 From: Cliczone <56260838+Cliczone@users.noreply.github.com> Date: Wed, 30 Dec 2020 16:32:53 +0100 Subject: [PATCH 3/5] switching VbsJson --- AV Status/AVStatus.vbs | 351 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 341 insertions(+), 10 deletions(-) diff --git a/AV Status/AVStatus.vbs b/AV Status/AVStatus.vbs index 1d68c8b..c87028b 100644 --- a/AV Status/AVStatus.vbs +++ b/AV Status/AVStatus.vbs 
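Review bot: In the Cylance branch (hunk `@@ -895,10 +897,26 @@`), the added `Set objFSO = CreateObject("Scripting.FileSystemObject")` looks redundant. The `ElseIf objFSO.FileExists(...)` context line just below belongs to the same If chain, which suggests objFSO is already set before this branch runs, so the line can be dropped. The outer `If objFSO.FolderExists(strCylancestatuspath) Then` is also unnecessary, because `objFSO.FileExists(strCylancestatuspath & "\Status.json")` is already False when the folder is missing. Both lines are still present as context in the later patches of this series. DetectInstalledAV begins and ends outside the hunk.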
@@ -389,6 +389,341 @@ End If +' ***************************** +' Class: VbsJson +' ***************************** +Class VbsJson + 'Author: Demon + 'Date: 2012/5/3 + 'Website: http://demon.tw + Private Whitespace, NumberRegex, StringChunk + Private b, f, r, n, t + + Private Sub Class_Initialize + Whitespace = " " & vbTab & vbCr & vbLf + b = ChrW(8) + f = vbFormFeed + r = vbCr + n = vbLf + t = vbTab + + Set NumberRegex = New RegExp + NumberRegex.Pattern = "(-?(?:0|[1-9]\d*))(\.\d+)?([eE][-+]?\d+)?" + NumberRegex.Global = False + NumberRegex.MultiLine = True + NumberRegex.IgnoreCase = True + + Set StringChunk = New RegExp + StringChunk.Pattern = "([\s\S]*?)([""\\\x00-\x1f])" + StringChunk.Global = False + StringChunk.MultiLine = True + StringChunk.IgnoreCase = True + End Sub + + 'Return a JSON string representation of a VBScript data structure + 'Supports the following objects and types + '+-------------------+---------------+ + '| VBScript | JSON | + '+===================+===============+ + '| Dictionary | object | + '+-------------------+---------------+ + '| Array | array | + '+-------------------+---------------+ + '| String | string | + '+-------------------+---------------+ + '| Number | number | + '+-------------------+---------------+ + '| True | true | + '+-------------------+---------------+ + '| False | false | + '+-------------------+---------------+ + '| Null | null | + '+-------------------+---------------+ + Public Function Encode(ByRef obj) + Dim buf, i, c, g + Set buf = CreateObject("Scripting.Dictionary") + Select Case VarType(obj) + Case vbNull + buf.Add buf.Count, "null" + Case vbBoolean + If obj Then + buf.Add buf.Count, "true" + Else + buf.Add buf.Count, "false" + End If + Case vbInteger, vbLong, vbSingle, vbDouble + buf.Add buf.Count, obj + Case vbString + buf.Add buf.Count, """" + For i = 1 To Len(obj) + c = Mid(obj, i, 1) + Select Case c + Case """" buf.Add buf.Count, "\""" + Case "\" buf.Add buf.Count, "\\" + Case "/" buf.Add buf.Count, "/" + 
Case b buf.Add buf.Count, "\b" + Case f buf.Add buf.Count, "\f" + Case r buf.Add buf.Count, "\r" + Case n buf.Add buf.Count, "\n" + Case t buf.Add buf.Count, "\t" + Case Else + If AscW(c) >= 0 And AscW(c) <= 31 Then + c = Right("0" & Hex(AscW(c)), 2) + buf.Add buf.Count, "\u00" & c + Else + buf.Add buf.Count, c + End If + End Select + Next + buf.Add buf.Count, """" + Case vbArray + vbVariant + g = True + buf.Add buf.Count, "[" + For Each i In obj + If g Then g = False Else buf.Add buf.Count, "," + buf.Add buf.Count, Encode(i) + Next + buf.Add buf.Count, "]" + Case vbObject + If TypeName(obj) = "Dictionary" Then + g = True + buf.Add buf.Count, "{" + For Each i In obj + If g Then g = False Else buf.Add buf.Count, "," + buf.Add buf.Count, """" & i & """" & ":" & Encode(obj(i)) + Next + buf.Add buf.Count, "}" + Else + Err.Raise 8732,,"None dictionary object" + End If + Case Else + buf.Add buf.Count, """" & CStr(obj) & """" + End Select + Encode = Join(buf.Items, "") + End Function + + 'Return the VBScript representation of ``str(`` + 'Performs the following translations in decoding + '+---------------+-------------------+ + '| JSON | VBScript | + '+===============+===================+ + '| object | Dictionary | + '+---------------+-------------------+ + '| array | Array | + '+---------------+-------------------+ + '| string | String | + '+---------------+-------------------+ + '| number | Double | + '+---------------+-------------------+ + '| true | True | + '+---------------+-------------------+ + '| false | False | + '+---------------+-------------------+ + '| null | Null | + '+---------------+-------------------+ + Public Function Decode(ByRef str) + Dim idx + idx = SkipWhitespace(str, 1) + + If Mid(str, idx, 1) = "{" Then + Set Decode = ScanOnce(str, 1) + Else + Decode = ScanOnce(str, 1) + End If + End Function + + Private Function ScanOnce(ByRef str, ByRef idx) + Dim c, ms + + idx = SkipWhitespace(str, idx) + c = Mid(str, idx, 1) + + If c = "{" Then + idx = idx + 
1 + Set ScanOnce = ParseObject(str, idx) + Exit Function + ElseIf c = "[" Then + idx = idx + 1 + ScanOnce = ParseArray(str, idx) + Exit Function + ElseIf c = """" Then + idx = idx + 1 + ScanOnce = ParseString(str, idx) + Exit Function + ElseIf c = "n" And StrComp("null", Mid(str, idx, 4)) = 0 Then + idx = idx + 4 + ScanOnce = Null + Exit Function + ElseIf c = "t" And StrComp("true", Mid(str, idx, 4)) = 0 Then + idx = idx + 4 + ScanOnce = True + Exit Function + ElseIf c = "f" And StrComp("false", Mid(str, idx, 5)) = 0 Then + idx = idx + 5 + ScanOnce = False + Exit Function + End If + + Set ms = NumberRegex.Execute(Mid(str, idx)) + If ms.Count = 1 Then + idx = idx + ms(0).Length + ScanOnce = CDbl(ms(0)) + Exit Function + End If + + Err.Raise 8732,,"No JSON object could be ScanOnced" + End Function + + Private Function ParseObject(ByRef str, ByRef idx) + Dim c, key, value + Set ParseObject = CreateObject("Scripting.Dictionary") + idx = SkipWhitespace(str, idx) + c = Mid(str, idx, 1) + + If c = "}" Then + idx = idx + 1 + Exit Function + ElseIf c <> """" Then + Err.Raise 8732,,"Expecting property name" + End If + + idx = idx + 1 + + Do + key = ParseString(str, idx) + + idx = SkipWhitespace(str, idx) + If Mid(str, idx, 1) <> ":" Then + Err.Raise 8732,,"Expecting : delimiter" + End If + + idx = SkipWhitespace(str, idx + 1) + If Mid(str, idx, 1) = "{" Then + Set value = ScanOnce(str, idx) + Else + value = ScanOnce(str, idx) + End If + ParseObject.Add key, value + + idx = SkipWhitespace(str, idx) + c = Mid(str, idx, 1) + If c = "}" Then + Exit Do + ElseIf c <> "," Then + Err.Raise 8732,,"Expecting , delimiter" + End If + + idx = SkipWhitespace(str, idx + 1) + c = Mid(str, idx, 1) + If c <> """" Then + Err.Raise 8732,,"Expecting property name" + End If + + idx = idx + 1 + Loop + + idx = idx + 1 + End Function + + Private Function ParseArray(ByRef str, ByRef idx) + Dim c, values, value + Set values = CreateObject("Scripting.Dictionary") + idx = SkipWhitespace(str, idx) + c = 
Mid(str, idx, 1) + + If c = "]" Then + idx = idx + 1 + ParseArray = values.Items + Exit Function + End If + + Do + idx = SkipWhitespace(str, idx) + If Mid(str, idx, 1) = "{" Then + Set value = ScanOnce(str, idx) + Else + value = ScanOnce(str, idx) + End If + values.Add values.Count, value + + idx = SkipWhitespace(str, idx) + c = Mid(str, idx, 1) + If c = "]" Then + Exit Do + ElseIf c <> "," Then + Err.Raise 8732,,"Expecting , delimiter" + End If + + idx = idx + 1 + Loop + + idx = idx + 1 + ParseArray = values.Items + End Function + + Private Function ParseString(ByRef str, ByRef idx) + Dim chunks, content, terminator, ms, esc, char + Set chunks = CreateObject("Scripting.Dictionary") + + Do + Set ms = StringChunk.Execute(Mid(str, idx)) + If ms.Count = 0 Then + Err.Raise 8732,,"Unterminated string starting" + End If + + content = ms(0).Submatches(0) + terminator = ms(0).Submatches(1) + If Len(content) > 0 Then + chunks.Add chunks.Count, content + End If + + idx = idx + ms(0).Length + + If terminator = """" Then + Exit Do + ElseIf terminator <> "\" Then + Err.Raise 8732,,"Invalid control character" + End If + + esc = Mid(str, idx, 1) + + If esc <> "u" Then + Select Case esc + Case """" char = """" + Case "\" char = "\" + Case "/" char = "/" + Case "b" char = b + Case "f" char = f + Case "n" char = n + Case "r" char = r + Case "t" char = t + Case Else Err.Raise 8732,,"Invalid escape" + End Select + idx = idx + 1 + Else + char = ChrW("&H" & Mid(str, idx + 1, 4)) + idx = idx + 5 + End If + + chunks.Add chunks.Count, char + Loop + + ParseString = Join(chunks.Items, "") + End Function + + Private Function SkipWhitespace(ByRef str, ByVal idx) + Do While idx <= Len(str) And _ + InStr(Whitespace, Mid(str, idx, 1)) > 0 + idx = idx + 1 + Loop + SkipWhitespace = idx + End Function + +End Class + + + + ' ***************************** ' Sub: OSType ' ***************************** 
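Review bot: `NumberRegex.Pattern` in Class_Initialize is not anchored, so `NumberRegex.Execute(Mid(str, idx))` in ScanOnce matches the first number anywhere in the remaining text, not just at idx. A token that is not valid JSON can therefore be accepted as a number, with idx advanced by the wrong amount, instead of reaching `Err.Raise 8732`. Anchor it with `NumberRegex.Pattern = "^(-?(?:0|[1-9]\d*))(\.\d+)?([eE][-+]?\d+)?"` and set `NumberRegex.MultiLine = False`, otherwise `^` also matches after every line break. In ParseString, `ChrW("&H" & Mid(str, idx + 1, 4))` does not check that the four characters are hex digits, so a truncated or malformed `\u` escape surfaces as a generic conversion error. The class is pasted in from a third party (the header names demon.tw, 2012), so a comment recording the exact source and any local changes would make it auditable later.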
@@ -905,17 +1240,13 @@ Sub DetectInstalledAV Set objFSO = CreateObject("Scripting.FileSystemObject") If objFSO.FolderExists(strCylancestatuspath) Then If objFSO.FileExists(strCylancestatuspath & "\Status.json") Then - Set objFile = objFSO.OpenTextFile(strCylancestatuspath & "\Status.json", 1) - Do Until objFile.AtEndOfStream - strLine = objFile.ReadLine - If InStr(strLine, "version") Then - FormattedAVVersion= left(right(strLine,13),11) - End If - Loop - - objFile.Close + Dim json, str, o, i + Set json = New VbsJson + str = objFSO.OpenTextFile(strCylancestatuspath & "\Status.json").ReadAll + Set o = json.Decode(str) + FormattedAVVersion= o("ProductInfo")("version") End If - End If + End If '--- Check for AVG Business Security --- ElseIf objFSO.FileExists(ProgramData & "\AVG\Persistent Data\Antivirus\Logs\update.log") Then From 78094f8d4a50c3deff4b8b8a451ebf7ea91794f5 Mon Sep 17 00:00:00 2001 From: Cliczone <56260838+Cliczone@users.noreply.github.com> Date: Wed, 30 Dec 2020 16:43:54 +0100 Subject: [PATCH 4/5] Typo --- AV Status/AVStatus.vbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AV Status/AVStatus.vbs b/AV Status/AVStatus.vbs index c87028b..7d61c60 100644 --- a/AV Status/AVStatus.vbs +++ b/AV Status/AVStatus.vbs @@ -1244,7 +1244,7 @@ Sub DetectInstalledAV Set json = New VbsJson str = objFSO.OpenTextFile(strCylancestatuspath & "\Status.json").ReadAll Set o = json.Decode(str) - FormattedAVVersion= o("ProductInfo")("version") + FormattedAVVersion = o("ProductInfo")("version") End If End If From da07db54de872d0bc3ee827d5ed6ef7efae335bf Mon Sep 17 00:00:00 2001 From: Cliczone <56260838+Cliczone@users.noreply.github.com> Date: Wed, 30 Dec 2020 16:59:06 +0100 Subject: [PATCH 5/5] With more logs ... --- AV Status/AVStatus.vbs | 1 + 1 file changed, 1 insertion(+) diff --git a/AV Status/AVStatus.vbs b/AV Status/AVStatus.vbs index 7d61c60..3a12fd7 100644 --- a/AV Status/AVStatus.vbs +++ b/AV Status/AVStatus.vbs 
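Review bot: In hunk `@@ -905,17 +1240,13 @@`, `FormattedAVVersion= o("ProductInfo")("version")` assumes Status.json always contains a `ProductInfo` object with a `version` member. If either is missing, or `ProductInfo` is not an object, the lookup raises a runtime error instead of keeping the "Unknown" default set a few lines earlier. `Set o = json.Decode(str)` likewise fails on an empty file or one whose top level is not an object. Whether `On Error Resume Next` is active at this point in DetectInstalledAV is not visible here, so the guarded read below covers the shape checks only. In the `Dim json, str, o, i` line, `i` is never used.

```vbscript
Set o = json.Decode(str)
' Only overwrite the "Unknown" default when the expected keys are present
If o.Exists("ProductInfo") Then
    If TypeName(o("ProductInfo")) = "Dictionary" Then
        If o("ProductInfo").Exists("version") Then
            FormattedAVVersion = o("ProductInfo")("version")
        End If
    End If
End If
' … unchanged: closing End If lines of the FileExists / FolderExists checks …
```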
@@ -1247,6 +1247,7 @@ Sub DetectInstalledAV FormattedAVVersion = o("ProductInfo")("version") End If End If + output.writeline "- The installed version of Cylance PROTECT is: " & FormattedAVVersion '--- Check for AVG Business Security --- ElseIf objFSO.FileExists(ProgramData & "\AVG\Persistent Data\Antivirus\Logs\update.log") Then
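Review bot: The added `output.writeline` prints `FormattedAVVersion` verbatim, and after patch 3 that value is whatever string Status.json supplies. ParseString in the VbsJson class turns `\n` and `\r` escapes into real line breaks, so a version value containing them would add extra lines to the report that look like the script's own `- ...` entries. Whether anything other than the Cylance agent can write that file is not visible here, so treat the value as untrusted and neutralise line breaks before writing: `output.writeline "- The installed version of Cylance PROTECT is: " & Replace(Replace(FormattedAVVersion, vbCr, " "), vbLf, " ")`. If the variable is also reported elsewhere in DetectInstalledAV (outside this hunk), cleaning it once at the assignment would be the better place.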