Determine firewall from WMI SecurityCenter/SecurityCenter2 FirewallProduct properties?
I help support a monitoring product which runs in a Microsoft Windows environment that needs to the report the name of any 3rd party firewall product that is installed, the version number, and the current status of the firewall (enabled or disabled).
In a Windows XP environment, we solved this by writing a VBScript that queries the Windows Management Instrumentation (WMI) ROOT\SecurityCenter namespace. The FirewallProduct class in this namespace has properties named "displayName", "enabled", and "versionNumber" that return the information we need. Our VBScript works successfully with Symantec Endpoint Protection (11.0.4202.75) installed on the system. We can retrieve the desired information.
Now, we want to do the same thing in a Windows 7 SP1 (32-bit) environment but are not getting the same results. I learned that Win7 "ActionCenter" uses WMI namespace ROOT\SecurityCenter2 instead of ROOT\SecurityCenter. FirewallProduct class in SecurityCenter2 seems to have different properties. Using "WMI Object Browser" from Microsoft WMI Administrative Tools, I determined that FirewallProduct in SecurityCenter2 has a "displayName" property but not an "enabled" or "versionNumber" property.
We have Symantec Endpoint Protection (11.0.6300.803) installed in the Win7 SP1 environment. From what I've read on some Symantec sites, it sounds like we should be using 11.0 Release Update 7 (RU7) or later for Win7 SP1.
Are the missing FirewallProduct properties caused by Symantec? (ie, Do we need to upgrade to a newer SEP version?)
Or, does Microsoft Win7 / WMI SecurityCenter2 simply not support those properties anymore?
Any thoughts or comments would be greatly appreciated. Maybe someone could suggest a totally different approach that does not use WMI.
btw...this is my first time posting here so I might not have this tagged properly. If not, please offer suggestions.