Integrating with WMI
3 August 2023
ID 177039
Kaspersky Industrial CyberSecurity for Nodes supports integration with Windows Management Instrumentation (WMI): client systems that use WMI to receive data via the Web-Based Enterprise Management (WBEM) standard can obtain information about the status of Kaspersky Industrial CyberSecurity for Nodes and its components.
When Kaspersky Industrial CyberSecurity for Nodes is installed, it registers a proprietary module on the system to create a Kaspersky Industrial CyberSecurity for Nodes namespace on the protected device. A Kaspersky Industrial CyberSecurity for Nodes namespace lets you work with Kaspersky Industrial CyberSecurity for Nodes classes and instances and their properties.
The values of some instance properties depend on task types.
A non-periodic task is an application task that is not time-limited and can either be constantly running or stopped. Such tasks have no execution progress. The task results are logged continuously while the task is running as single events (for example, detection of an infected object by any Real-Time Computer Protection task). This type of task is managed via Kaspersky Security Center policies.
A periodic task is an application task that is time-limited and has execution progress displayed as a percentage. The task results are generated when the task is complete and are represented as a single item or changed application state (for example, completed application database update, generated configuration files for rule generation tasks). Several periodic tasks of the same type can run on a single protected device simultaneously (e.g. three On-Demand scan tasks with different scan scopes). Periodic tasks can be managed via Kaspersky Security Center as group tasks.
If you use tools to generate WMI namespace queries and receive dynamic data from WMI namespaces on your corporate network, you will be able to receive information about the current application state (see the table below).
Information about the application state
Instance property | Description | Values |
---|---|---|
ProductName | Name of the installed application. | Full name of application without version number. |
ProductVersion | Full version of the installed application. | Full application version number, including the build number. |
InstalledPatches | Set of display names for installed patches. | List of critical fixes installed for the application. |
IsLicenseInstalled | Application activation status. | Status of the key used to activate the application. Possible values: |
LicenseDaysLeft | Shows how many days are left before a current license expiration. | Number of days remaining before expiration of the current license. Possible non-positive values: |
AVBasesDatetime | Timestamp for the current anti-virus database version. | Date and time of the creation of the anti-virus databases currently in use. If the installed application does not use anti-virus databases, then the field has the value “Not installed”. |
IsExploitPreventionEnabled | Status of the Exploit Prevention component. | Status of the Exploit Prevention component. Possible values: |
ProtectionTasksRunning | Set of protection tasks that are currently running. | List of protection, control, and monitoring tasks currently running. This field should account for all running non-periodic tasks. If no non-periodic task is running, the field has the value "None". |
IsAppControlRunning | Status of the Applications Launch Control task. | Status of the Applications Launch Control task. |
AppControlMode | Applications Launch Control task mode. | Describes the current status of the Applications Launch Control component, and describes the selected mode for the corresponding task. Possible values: |
AppControlRulesNumber | Total number of applications launch control rules. | The number of rules currently specified in the Applications Launch Control task settings. |
AppControlLastBlocking | The timestamp for the last application launch blocking by the Applications Launch Control task in any mode. | Date and time when the Applications Launch Control component last blocked the launch of an application. This field includes all blocked applications, regardless of the task mode. If no instances of blocked application launches are registered at the time the WMI query is processed, the field is assigned the value "None". |
PeriodicTasksRunning | Set of periodic tasks that are currently running. | List of On-Demand Scan, Update, and inventory-taking tasks currently running. This field should include all running periodic tasks. If no periodic tasks are currently running, then the field has the value "None". |
ConnectionState | Status of the connection between the WMI Provider component and the Kaspersky Security Service (KAVFS). | Information about the status of the connection between the WMI Provider component and the Kaspersky Security Service. Possible values: |
This data represents the properties of the instance KasperskySecurity_ProductInfo.ProductName=Kaspersky Industrial CyberSecurity for Nodes, where:
- KasperskySecurity_ProductInfo is the name of the Kaspersky Industrial CyberSecurity for Nodes class
- .ProductName=Kaspersky Industrial CyberSecurity for Nodes are the Kaspersky Industrial CyberSecurity for Nodes key properties
The instance is created in the ROOT\Kaspersky\Security namespace.
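The following added example (not Kaspersky code) shows one way a monitoring client could query this instance and flag the states the table documents literally: "None" for ProtectionTasksRunning, non-positive LicenseDaysLeft, and "Not installed" for AVBasesDatetime. The function name Get-KicsFindings, the 14-day threshold, and the handling of property types are assumptions.

```powershell
# Added example: health check over KasperskySecurity_ProductInfo (not vendor code).
# Get-KicsFindings and $MinLicenseDays are hypothetical; property types are assumed.
function Get-KicsFindings {
    param(
        [Parameter(Mandatory)] $Info,
        [int] $MinLicenseDays = 14   # assumed alerting threshold
    )
    $findings = @()

    # "None" means no non-periodic (protection, control, monitoring) task is running.
    # @() handles the property being either a string or a string array.
    $protection = @($Info.ProtectionTasksRunning) -join ', '
    if (-not $protection -or $protection -eq 'None') {
        $findings += 'No protection tasks running'
    }

    # Non-positive values carry special meanings in the table; surface them for review.
    $days = 0
    if (-not [int]::TryParse([string]$Info.LicenseDaysLeft, [ref]$days) -or $days -le 0) {
        $findings += "License state needs review (LicenseDaysLeft=$($Info.LicenseDaysLeft))"
    } elseif ($days -lt $MinLicenseDays) {
        $findings += "License expires in $days days"
    }

    # "Not installed" means the application does not use anti-virus databases.
    if ([string]$Info.AVBasesDatetime -eq 'Not installed') {
        $findings += 'Anti-virus databases not installed'
    }
    $findings
}

try {
    $info = Get-CimInstance -Namespace 'ROOT\Kaspersky\Security' `
        -ClassName 'KasperskySecurity_ProductInfo' -ErrorAction Stop |
        Select-Object -First 1
    if (-not $info) { throw 'No KasperskySecurity_ProductInfo instance found' }
} catch {
    # Constructed sample so the logic can be exercised off a protected device.
    $info = [pscustomobject]@{
        ProductName            = 'Kaspersky Industrial CyberSecurity for Nodes'
        ProtectionTasksRunning = 'None'
        LicenseDaysLeft        = 5
        AVBasesDatetime        = 'Not installed'
    }
}
Get-KicsFindings -Info $info | ForEach-Object { Write-Warning $_ }
```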