Software Development: Build your own Windows Security Center

• Download source - 219.41 KB

Introduction

Windows Security Center in Windows® XP was made and designed to monitor three different security essentials, Windows Firewall status, Windows Updates settings and antivirus product status. The Windows Security Center has succeeded in protecting and keeping the user updated about each security essential.

The Windows Security Center User Interface

Windows Security Center has a very simple and basic graphic user interface (GUI) as described below:

The Windows Security Center user interface is very easy to understand. But at the same time, Windows Security Center user interface is still advanced. However, each message alerts and describes something. 

If you're using the Windows Firewall or [3rd party firewall], have Automatic Updates turned on, and use an antivirus program, all windows should show on with a green light.

You will see this if Automatic Updates or the Windows Firewall is turned off [or if you aren't using a 3^rd party one].

 You will see this if an antivirus program isn't found. 

You will see this if you've told Windows Security Center to not monitor your Windows Firewall [or your 3^rd party firewall] or antivirus settings.

How Does Windows Security Center Work?

In order to build your own Windows Security Center, you should first understand how an already working security center works. The Windows Security Center in Windows® XP was the first security center Microsoft made. The Windows Security Center finds information about the three security essentials like this:

• Windows Firewall Status: Windows Security Center finds the Windows Firewall settings through the Windows Firewall API. The file that has these is: hnetcfg.dll.
  
  However, we need the Class Identifier (CLSID) which is also required to obtain a reference to the Windows Firewall Manager class.

  CLSID = {304CE942-6E39-40D8-943A-B913C40C9CD4}

  Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}

• 3rd Party Firewall Status: The Windows Security Center finds 3^rd party firewalls through the Windows Management Instrumentation (WMI), from the Security Center WMI root path.
  
  WMI root path: \\HOSTNAME\ROOT\SecurityCenter:FirewallProduct

• Windows Updates Status: Windows Security Center finds the automatic update settings through the Windows Registry.

  Registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
  CurrentVersion\WindowsUpdate\Auto Update\

  Key: AUOptions

• Antivirus Status: Windows Security Center finds the antivirus product through the Windows Management Instrumentation (WMI), from the Security Center WMI root path.

  WMI root path: \\HOSTNAME\ROOT\SecurityCenter:AntiVirusProduct

• The Windows Security Center, in fact, does not have these three security status essential functions inside itself. However, the real fact is that Windows Security Center keeps monitoring the three security essentials thanks to its Windows Security Center Service running in the background.

You can also look at the architecture illustration below, to gain a better understanding.

Build Your Own Windows Security Center  

Now, to the final one: we are going to build our own Windows Security Center.
Starting off with the Windows Forms GUI, I added about 8 panel controls. I also added some labels, pictureboxes and three timers. 

Add the Windows Firewall API 

To control the Windows Firewall from your windows application, you need to add some references.

// Adding the Windows Firewall API namespaces
using NATUPNPLib;
using NETCONLib;
using NetFwTypeLib; 

Now add the following code which is the Windows Firewall Manager code:

 #region Windows Firewall Manager

        //A reference to the Windows Firewall Manager class. 
        private static NetFwTypeLib.INetFwMgr GetFirewallManager()
        {
            // CLSID of the Windows Firewall Manager class
            const string CLSID_FIREWALL_MANAGER = 
			"{304CE942-6E39-40D8-943A-B913C40C9CD4}";

            Type objType = Type.GetTypeFromCLSID(new Guid(CLSID_FIREWALL_MANAGER));
            return Activator.CreateInstance(objType) as NetFwTypeLib.INetFwMgr;
        }


        // The instance of Windows Firewall Manager
        private static INetFwMgr netFwMgr = GetFirewallManager();

  #endregion 

Now to call the Windows Firewall Manager code inside our Timer_Event(), this allows us to monitor our Windows Firewall in real-time.

  #region Monitor Windows Firewall
        private void WindowsFirewall_Tick(object sender, EventArgs e)
        {
            if (netFwMgr.LocalPolicy.CurrentProfile.FirewallEnabled == true)
            {
                this.btnTurnOnWinFirewall.Visible = false;
                this.panel9.Visible = false;  
                this.Firewallpanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(220)))), ((int)(((byte)(228)))), 
			((int)(((byte)(252)))));
                this.FirewallStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_check_f;
                this.winFirewallStatusTxt.Text = "On";
                this.FirewallDescribTxt.Text = 
			"Windows Firewall is protecting your PC from hackers.";
            }
            else
            {
                this.btnTurnOnWinFirewall.Visible = true;
                this.panel9.Visible = true;  
                this.Firewallpanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(234)))), ((int)(((byte)(144)))), 
			((int)(((byte)(111)))));
                this.FirewallStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_error_f;
                this.winFirewallStatusTxt.Text = "Off";
                this.FirewallDescribTxt.Text = 
		"The Windows Firewall is turned off and you can be hacked, 
		turn it On again!";
            }
        }
  #endregion

Accessing the Windows Update Settings 

Now we must add the code to monitor the Windows Updates settings.

#region Monitor Windows Updates Settings
        private void MonitorWindowsUpdate_Tick(object sender, EventArgs e)
        {
            RegistryKey key = Registry.LocalMachine.OpenSubKey
	    (@"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\");
            int value = (Int32)key.GetValue("AUOptions");

           /* 
               Each value [inside the switch ()] below describes a setting property: 
               
               1 = The Windows Automatic Update is turned off.
               2 = The Windows Automatic Updates still on. But it's using this settings
                   instead: "Check for updates but let me choose 
		 whether to download and install them".
               3 = The Windows Automatic Updates still on. But it's using this setting 
                   instead: "Download updates but let me choose whether to install them".
               4 = The Windows Automatic Updates is turned on.
                                                           
           */

            switch(value)
            {
                //If the value=1 then set these properties. 
                //The properties are changed to alerting design, 
                //so the user gets informed. 
                case 1:
                    this.btnTurnONAU.Visible = true;
                    this.panel10.Visible = true; 
                    this.automaticUpdatePanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(234)))), ((int)(((byte)(144)))), 
			((int)(((byte)(111)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_error_f;
                    this.autoUpatesStatusTxt.Text = "Off";
                    this.AutomaticUpdatesDescribTxt.Text = 
			"Automatic Update is Off.\nAutomatic Updates is turned off.
			\nAutomatic Update helps you keep Windows up-to-date, 
			so turn it On again."; 
                    break;
                case 2:
                    this.automaticUpdatePanel.BackColor = 
			System.Drawing.Color.FromArgb(((int)(((byte)(234)))), 
			((int)(((byte)(144)))), ((int)(((byte)(111)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_error_f;
                    this.autoUpatesStatusTxt.Text = "";
                    break;
                case 3:
                    this.automaticUpdatePanel.BackColor = 
			System.Drawing.Color.FromArgb(((int)(((byte)(234)))), 
			((int)(((byte)(144)))), ((int)(((byte)(111)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_error_f;
                    this.autoUpatesStatusTxt.Text = "";
                    break;
                case 4:
                    this.btnTurnONAU.Visible = false;
                    this.panel10.Visible = false; 
                    this.automaticUpdatePanel.BackColor = 
			System.Drawing.Color.FromArgb(((int)(((byte)(220)))), 
			((int)(((byte)(228)))), ((int)(((byte)(252)))));
                    this.AutomaticUpdateStatusIcon.Image = 
			global::XPSecurityCenter.Properties.
			Resources._51804_34x34_ico_check_f;
                    this.autoUpatesStatusTxt.Text = "On";
                    this.AutomaticUpdatesDescribTxt.Text = 
			"Automatic Update is On.\nAutomatic 
			Update helps you keep Windows up-to-date."; 
                    break;
            }
        }
#endregion 

Find the Antivirus Product

Now we must add the code that will allow our application to find the antivirus product in the user's PC.

#region Monitor Antivirus Program
        private void MonitorAntivirusProduct_Tick(object sender, EventArgs e)
        {
            try
            {
                ManagementObjectSearcher search = new ManagementObjectSearcher
					("SELECT * FROM AntiVirusProduct");
                string name = "";
                foreach (ManagementObject obj in search.Get())
                {
                    name = obj["displayName"].ToString();
                }

                this.virusProtectionDescribTxt.Text = name + 

					" is protecting your system.";
                this.virusProtectionPanel.BackColor = System.Drawing.Color.FromArgb
		(((int)(((byte)(220)))), ((int)(((byte)(228)))), 
		((int)(((byte)(252)))));
                this.VirusProtectionStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_check_f;
                this.virusProtectionStatusTxt.Location = new System.Drawing.Point(453, 7);
                this.virusProtectionStatusTxt.Text = "On";
            }
            catch
            {
                this.virusProtectionPanel.BackColor = System.Drawing.Color.FromArgb
			(((int)(((byte)(234)))), ((int)(((byte)(144)))), 
			((int)(((byte)(111)))));
                this.VirusProtectionStatusIcon.Image = 
		global::XPSecurityCenter.Properties.Resources._51804_34x34_ico_error_f;
                this.virusProtectionStatusTxt.Location = new System.Drawing.Point(404, 7);
                this.virusProtectionStatusTxt.Text = "Not found";
                this.virusProtectionDescribTxt.Text = 
			"No antivirus program is installed on this PC.";
            }
        }
 #endregion

Now finally, our own Windows Security Center is built and runs.

Conclusions

As you might see, the Windows Security Center in Windows® XP is built very easily. What did we learn? – Well, we learned more about how a security center works; we also researched deeply and studied the Windows Security Center. We also made our own full working security center based on APIs and other functions that are available. So as you might see, you can build anything, just study it first. Good luck! I hope this article has been helpful to all users and developers. 

References  

• About Windows Firewall API 
• Using Windows Firewall API 
• Windows Security Center API

You must Sign In to use this message board.

FAQ    Noise Tolerance Very HighHighMediumLowVery Low   Layout Expand Posts & RepliesThread ViewNo JavascriptNo JS + Preview   Per page 102550

Msgs 1 to 18 of 18 (Total in Forum: 18) (Refresh) FirstPrevNext

multiple anti virus software fkhg1 3:11 6 Aug '09   i think you can change this part: ManagementObjectSearcher search = new ManagementObjectSearcher("SELECT * FROM AntiVirusProduct"); string name = ""; foreach (ManagementObject obj in search.Get()) { name = obj["displayName"].ToString(); } this.virusProtectionDescribTxt.Text = name + " is protecting your system."; because only the last anti virus prudukt is shown a very simple solution is foreach (ManagementObject obj in search.Get()) { name =+ obj["displayName"].ToString() + " "; } but there are better ways i think Sign In·View Thread·PermaLink Re: multiple anti virus software Coder24.com 5:28 9 Aug '09   Hi fkhg1: Well, the security center actually monitors the antivirus based on their status and running processes. Which means that the security center chooses to display and monitor (in real-time) the antivirus which is on and is active based on its update status. recommendation: is to do this, collect the found antivirus products and check by using simple "if" and-"else if" code. Example: Code-snippet: Code: if(search.Get().Count == 1) { } else if(search.Get().Count == 2) { //Put code here, for multi-support. } I think you should use a array[] for this type of task. I hope this information was helpful... Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Re: multiple anti virus software Coder24.com 9:18 9 Aug '09   Hi again: here is a solution for multi-support. int i = 0; string[] a = new string[5]; string computer = System.Net.Dns.GetHostName(); string wmipath = @"\\" + computer + @"\root\SecurityCenter2"; ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipath, "SELECT * FROM AntiVirusProduct"); ManagementObjectCollection instances = searcher.Get(); foreach (ManagementObject obj in instances) { a[i] = obj["displayName"].ToString(); i++; } this.label1.Text = string.Format("{0} and {1} are both reporting that they are on.\nNote: It's hightly recommended to run just one antivirus program.", a[0], a[1]); I hope this helps. Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Does the application work? Coder24.com 7:20 1 Jul '09   Does the application work? Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Not a bad looking application Pete O'Hanlon 10:51 30 Jun '09   Looks good, and your article contains a lot of well researched information in it. I would suggest, though, that you give your controls more meaningful names, rather than (say label8). "WPF has many lovers. It's a veritable porn star!" - Josh Smith As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes. My blog | My articles | MoXAML PowerToys | Onyx Sign In·View Thread·PermaLink Re: Not a bad looking application Coder24.com 22:35 30 Jun '09   Hi - Pete: Thank you! Well, I always leave the controls with their names, I mean as Visual Studio names them. Anyway, you said: "your article contains a lot of well researched information in it", yes, in fact, I have my research papers about the Windows Security Center in Windows XP, I also have research papers about Windows Security Center in Windows Vista. I'm currently researching the Action Center in Windows 7 RC1. However, what I can say so far, is that there are differences between these three. NOTE: MY RESEARCH PAPERS HAVE A LOT MORE INFORMATION IN DEPTH. Thanks.... Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Re: Not a bad looking application Pete O'Hanlon 1:10 1 Jul '09   Coder24.com wrote: Well, I always leave the controls with their names That's not good practice - you should rename them to something more meaningful where it makes sense to do so. Rather than referring to picture1, for instance, you might want to refer to picFirewallGraphic so that people can see, at a glance, what the purpose of the graphic is for (I know this isn't the image you're using in your code; it's just an example). "WPF has many lovers. It's a veritable porn star!" - Josh Smith As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes. My blog | My articles | MoXAML PowerToys | Onyx Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: Not a bad looking application Coder24.com 6:25 1 Jul '09   Hi - Pete: I know it's not good at all. But, because, you gave me a suggestion to change them [so I did it], you can check it now. Thanks! Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Re: Not a bad looking application Shivprasad koirala 9:18 9 Aug '09   Frankly the article revolves around some other topic, the label should not be big problem as such. Well done sir. This really requires lot of hardwork. Keep it up. Visit my 500 videos on WCF,WPF,WWF,Silverlight,UML design patters @ http://www.questpond.com Sign In·View Thread·PermaLink 2.00/5 (1 vote) Re: Not a bad looking application Coder24.com 9:28 9 Aug '09   Dear Shivprasad koirala: Thank you very much! I will "continue" keep-it-up. Have a nice day... Best and Kind regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Is there something wrong with my English? Coder24.com 6:54 30 Jun '09   Is there something wrong with my English? Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Windows Firewall Hristo Bojilov 3:52 30 Jun '09   Thank you for the fast answers! My best Regards! Sign In·View Thread·PermaLink Re: Windows Firewall Coder24.com 6:03 30 Jun '09   Hi again: Well, thanks again. I wish other codeproject members could give me information such: suggestions, comments or report anything. Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink NICE [modified] Hristo Bojilov 0:16 30 Jun '09   I like your article! It contains a lot of useful information about Windows security settings. Do you know how to add programatically Firewall exception for TCP/UPD port,for example I wanna enable TCP port number 1433 for SQL Server Client? Is there a solution for the problem that works both under XP/2003 and Vista? Thanks! modified on Tuesday, June 30, 2009 5:25 AM Sign In·View Thread·PermaLink Re: NICE Coder24.com 0:52 30 Jun '09   Hi - Hristo: Thanks! Yes, through this: HNetCfg.FwAuthorizedApplication. I will see if I can provide you with a link to one of my projects. Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Re: NICE Coder24.com 0:55 30 Jun '09   "It contains a lot of useful information about Windows security settings." Well, the reason why it contains so much information, is becuase, I have been working with the Windows Security Center in different way's. I played with it and searched the registry for it's values. Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Re: NICE Coder24.com 1:11 30 Jun '09   "Is there a solution for the problem that works both under XP/2003 and Vista?" Well, under XP things works fine (I do not know regarding the Windows Server 2003). However, under Windows Vista and Windows 7 there appears "security exceptions" - type of, not in the "code", but a Windows Security Alert message appears on the screen. Have a nice day... Best regards, Fisnik www.Coder24.com Sign In·View Thread·PermaLink Your comments are welcome Coder24.com 7:55 29 Jun '09   Your comments are welcome www.Coder24.com Sign In·View Thread·PermaLink

Last Visit: 10:04 21 Nov '09     Last Update: 10:04 21 Nov '09 1