
VBS 强制关闭Symantec Endpoint Protection的代码_vbs_

2023-05-25 276人已围观


使用这个脚本,可以随时让它歇下来。当然也可以让它继续工作。
前提是,你必须是本机管理员。
这个脚本使用一个很过时的终止程序方法:ntsd.exe -c q -p ProcessID。以前有过一个 bat 版,之所以改用 VBS,是因为效率高一点,而且没有太多的黑色窗口。
主要思想是:循环终止程序 + 停止服务(停止前先用 sc config 把服务的启动类型改为 disabled,恢复时再改回 auto)。

代码如下:


'On Error Resume Next
' Check the operating system version.
' NOTE(review): CheckOS, MeEncoder and IsRun are called by this script but are
' not defined in the visible listing; they presumably live in the shared
' library whose header appears at the end of the page (the listing is cut off).
Call CheckOS()
Call MeEncoder()

' Program initialisation: read the command-line arguments.
' With no arguments the script toggles SEP via main(). Otherwise each argument
' is expected in the form name=value and is dispatched to the Sub of the same
' name. SEP_STOP/SEP_START re-launch this script with such arguments, so these
' command lines (wscript.exe "<script>" server_stop="<service>" etc.) are what
' process-creation logging will show.
If WScript.Arguments.Count = 0 Then
    Call main()
    WScript.Quit
Else
    Dim strArg, arrTmp
    For Each strArg In WScript.Arguments
        arrTmp = Split(strArg, "=")
        ' Only arguments containing exactly one "=" are handled; anything else
        ' is skipped without a message.
        If UBound( arrTmp ) = 1 Then
            Select Case LCase( arrTmp(0) )
                Case "sep"
                    Call sep( arrTmp(1) )
                Case "process_stop"
                    Call process_stop( arrTmp(1) )
                Case "process_start"
                    ' NOTE(review): no process_start routine is defined in the
                    ' visible listing.
                    Call process_start( arrTmp(1) )
                Case "server_stop"
                    Call server_stop( arrTmp(1) )
                Case "server_start"
                    Call server_start( arrTmp(1) )
                Case "show_tip"
                    Call show_tip( arrTmp(1) )
                Case Else
                    ' Unknown verb: end the script immediately.
                    WScript.Quit
            End Select
        End If
    Next
    WScript.Quit
End If

 

' Main routine (no command-line arguments): toggle SEP.
' If any of Rtvscan.exe, ccSvcHst.exe or SMC.exe is reported as running by
' IsRun, the stop path is taken; otherwise the restore path is taken.
' IsRun is not defined in the visible listing.
Sub main()
    Dim sepIsRunning
    ' VBScript's Or does not short-circuit, so all three checks are evaluated.
    sepIsRunning = (IsRun("Rtvscan.exe", "") = 1) Or (IsRun("ccSvcHst.exe", "") = 1) Or (IsRun("SMC.exe", "") = 1)
    If sepIsRunning Then
        Call SEP_STOP()
    Else
        Call SEP_START()
    End If
End Sub

 

' Run with an argument: sep=stop or sep=start selects the path explicitly.
' The comparison is case-insensitive; any other value does nothing.
Sub sep( strMode )
    Dim mode
    mode = LCase(strMode)
    If mode = "stop" Then
        Call SEP_STOP()
    ElseIf mode = "start" Then
        Call SEP_START()
    End If
End Sub

 

' Stop SEP: disable and stop the Symantec Endpoint Protection services, then
' repeatedly terminate its processes. This is the behaviour catalogued as
' MITRE ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools).
' The page text states that local administrator rights are required.
' Everything is done by re-launching this same script hidden (window style 0)
' with a name=value argument, so one run produces a burst of wscript.exe child
' processes that in turn start sc.exe, net.exe and ntsd.exe.
' NOTE(review): whether the stop actually succeeds will depend on the
' product's tamper-protection settings, which this script does not touch.
Sub SEP_STOP()

    Set wso = CreateObject("WScript.Shell")

    ' Terminate leftover net.exe / net1.exe / sc.exe / ntsd.exe helpers
    ' (see process_clear).
    Call process_clear()
    ' Disable and stop the SENS service first; the call waits for completion.
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""SENS""", 0, True

    ' Record a wscript.exe PID. The loop keeps the PID of the last wscript.exe
    ' instance enumerated, which is not necessarily this script, and mepid is
    ' not read anywhere in the visible code.
    Set pid = Getobject("winmgmts:\\.").InstancesOf("Win32_Process")
    For Each id In pid
        If LCase(id.name) = LCase("Wscript.exe") Then
            mepid=id.ProcessID
        End If
    Next

    ' Show the "stopping" popup in a separate process without waiting for it.
    wso.Run """" & WScript.ScriptFullName & """ show_tip=stop", 0, False

    ' Disable and stop each service in turn; every call blocks until the child
    ' script exits. server_stop sets the start type to disabled, so the
    ' services stay off across reboots until SEP_START is run.
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""SENS""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""Symantec AntiVirus""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""ccEvtMgr""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""SmcService""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""SNAC""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""ccSetMgr""", 0, True

    ' Launch one process_stop worker per image name without waiting. Each
    ' worker polls the process list up to 100 times (see process_stop).
    wso.Run """" & WScript.ScriptFullName & """ process_stop=ccApp.exe", 0, False
    wso.Run """" & WScript.ScriptFullName & """ process_stop=ccSvcHst.exe", 0, False
    wso.Run """" & WScript.ScriptFullName & """ process_stop=SNAC.exe", 0, False
    wso.Run """" & WScript.ScriptFullName & """ process_stop=Rtvscan.exe", 0, False
    wso.Run """" & WScript.ScriptFullName & """ process_stop=SescLU.exe", 0, False
    wso.Run """" & WScript.ScriptFullName & """ process_stop=Smc.exe", 0, False
    wso.Run """" & WScript.ScriptFullName & """ process_stop=SmcGui.exe", 0, False

    ' Give the workers 15 seconds.
    WScript.Sleep 15000

    ' Terminate every wscript.exe and cscript.exe on the machine. This is not
    ' limited to the workers started above: unrelated scripts are ended too.
    ' NOTE(review): when this script itself runs under wscript.exe or
    ' cscript.exe, its own host is in that list, so the lines after this loop
    ' may never execute.
    Set pid = Getobject("winmgmts:\\.").InstancesOf("Win32_Process")
    For Each ps In pid
        If (LCase(ps.name) = "wscript.exe") Or (LCase(ps.name) = "cscript.exe") Then ps.terminate
    Next

    ' Final sweep of net.exe / net1.exe / sc.exe / ntsd.exe helpers.
    Call process_clear()

    ' The automatic restore is commented out; protection stays off until
    ' SEP_START is run explicitly.
    'start ?
    'Call SEP_START()
End Sub

 

' Restore SEP: set the Symantec services back to automatic start and start them.
' Only services are restarted here; no process is launched directly.
' server_start always writes start= auto, whatever the start type was before
' SEP_STOP ran, so a service that was originally manual ends up automatic.
Sub SEP_START()
    Set wso = CreateObject("WScript.Shell")
    ' Show the "starting" popup in a separate process without waiting for it.
    wso.Run """" & WScript.ScriptFullName & """ show_tip=start", 0, False

    'start server
    ' NOTE(review): the next line calls server_stop, not server_start, for
    ' SENS. It disables and stops that Windows service and nothing in this Sub
    ' re-enables it, so SENS is left disabled after a "restore". This looks
    ' like a copy of the stop sequence - confirm what was intended.
    wso.Run """" & WScript.ScriptFullName & """ server_stop=""SENS""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_start=""Symantec AntiVirus""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_start=""ccEvtMgr""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_start=""SmcService""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_start=""SNAC""", 0, True
    wso.Run """" & WScript.ScriptFullName & """ server_start=""ccSetMgr""", 0, True
    Set wso = Nothing
End Sub

 

' Terminate processes by image name.
' strAppName: image name to match, compared case-insensitively against
'             Win32_Process.Name.
' Declared as a Function but never assigns a return value.
' The outer loop re-enumerates all processes 100 times with a 500 ms pause
' between passes, so a process that is restarted is ended again on the next
' pass. Each match is ended by running "ntsd.exe -c q -p <pid>" hidden and
' waiting for it; the page text describes this as an outdated method.
' For detection, the resulting process chain is wscript.exe -> ntsd.exe with
' a -p <pid> argument pointing at a security-product process.
Function process_stop( strAppName )
        Dim i
        For i = 1 To 100
        ' Fresh snapshot of the process list via WMI on the local machine.
        Set pid = Getobject("winmgmts:\\.").InstancesOf("Win32_Process")
                For Each id In pid
                        If LCase(id.name) = LCase(strAppName) Then
                                Dim wso
                                Set wso = CreateObject("WScript.Shell")
                                ' Window style 0 = hidden, True = wait for ntsd to exit.
                                wso.run "ntsd.exe -c q -p " & id.ProcessID, 0, True
                        End If
                Next
        WScript.Sleep 500
        Next
End Function

 

' Stop a service and prevent it from starting again.
' strServerName: service name as accepted by sc.exe and net.exe.
' Step 1 sets the start type to disabled (persists across reboots; the Service
' Control Manager records a start-type change as System event 7040).
' Step 2 runs "net stop"; the piped "Y" answers the confirmation prompt that
' net stop shows when dependent services must be stopped as well.
' NOTE(review): strServerName comes straight from the command line and is
' concatenated into a "cmd /c" string without validation, so a value containing
' quotes or shell metacharacters changes the command that runs.
Sub server_stop( byVal strServerName )

    Set wso = CreateObject("WScript.Shell")
    wso.run "sc config """ & strServerName & """ start= disabled", 0, True
    wso.run "cmd /c echo Y|net stop """ & strServerName & """", 0, True
    Set wso = Nothing

End Sub

 

' Start a service and set it to start automatically.
' strServerName: service name as accepted by sc.exe and net.exe.
' The start type is always written as auto; the value the service had before
' it was disabled is not recorded anywhere, so it cannot be restored exactly.
' NOTE(review): as in server_stop, strServerName is concatenated into a
' "cmd /c" string without validation.
Sub server_start( byVal strServerName )

    Set wso = CreateObject("WScript.Shell")
    wso.run "sc config """ & strServerName & """ start= auto", 0, True
    wso.run "cmd /c echo Y|net start """ & strServerName & """", 0, True
    Set wso = Nothing

End Sub

 

' Show a progress popup.
' strType: "stop" or "start" (case-insensitive); any other value shows nothing.
' The popup closes by itself after 20 seconds and uses the information icon (64).
Sub show_tip( strType )
    Dim shell, body, caption
    Set shell = CreateObject("WScript.Shell")
    Select Case LCase(strType)
        Case "stop"
            body = "正在停止 SEP,請稍等..        "
            caption = "StopSEP 正在运行"
        Case "start"
            body = "正在启动 SEP,請稍等..        "
            caption = "StopSEP 已经停止"
    End Select
    ' caption stays Empty when strType matched neither case.
    If Not IsEmpty(caption) Then
        shell.popup chr(13) & body & chr(13), 20, caption, 64
    End If
    Set shell = Nothing
End Sub

 

' Clear helper processes.
' Terminates every net.exe, net1.exe, sc.exe and ntsd.exe found in the WMI
' process list. Matching is by image name only, so instances started by other
' users or tools on the same machine are ended as well.
Sub process_clear()
    'kill other app
    Set pid = Getobject("winmgmts:\\.").InstancesOf("Win32_Process")
    For Each ps In pid
        Select Case LCase(ps.name)
            Case "net.exe"
                ps.terminate
            Case "net1.exe"
                ps.terminate
            Case "sc.exe"
                ps.terminate
            Case "ntsd.exe"
                ps.terminate
        End Select
    Next
End Sub

 

 

' ====================================================================================================
' ****************************************************************************************************
' *  公共函数
' *  使用方式:将本段全部代码加入程序末尾,将以下代码(1行)加入程序首行即可:
' *  Dim WhoAmI, TmpDir, WinDir, AppDataDir, StartupDir, MeDir, UNCHost :   Call GetGloVar() ' 全局变量
' *  取得支持:电邮至 yu2n@qq.com
' *  更新日期:2012-12-10  11:37
' ****************************************************************************************************
' 功能索引
' 命令行支持:
'     检测环境:IsCmdMode是否在CMD下运行
'     模拟命令:Exist是否存在文件或文件夹、MD创建目录、Copy复制文件或文件夹、Del删除文件或文件夹、
'               Attrib更改文件或文件夹属性、Ping检测网络联通、
' 对话框:
'     提示消息:WarningInfo警告消息、TipInfo提示消息、ErrorInfo错误消息
'     输入密码:GetPassword提示输入密码、
' 文件系统:
'     复制、删除、更改属性:参考“命令行支持”。
'     INI文件处理:读写INI文件(Unicode)   ReadIniUnicode / WriteIniUnicode
'     注册表处理:RegRead读注册表、RegWrite写注册表
'     日志处理:WriteLog写文本日志
' 字符串处理:
'     提取:RegExpTest
' 程序:
'     检测:IsRun是否运行、MeIsAlreadyRun本程序是否执行、、、、
'     执行:Run前台等待执行、RunHide隐藏等待执行、RunNotWait前台不等待执行、RunHideNotWite后台不等待执行、
'     加密运行:MeEncoder
' 系统:
'     版本
'     延时:Sleep
'     发送按键:SendKeys
' 网络:
'     检测:Ping、参考“命令行支持”。
'     连接:文件共享、、、、、、、、、、
' 时间:Format_Time格式化时间、NowDateTime当前时间
' ====================================================================================================
' ====================================================================================================
' Initialise the global variables.
' The caller is expected to declare them first with the line below.
' Nothing in the visible part of this script calls GetGloVar.
' Dim WhoAmI, TmpDir, WinDir, AppDataDir, StartupDir, MeDir, UNCHost
Sub GetGloVar()
    WhoAmI = CreateObject( "WScript.Network" ).ComputerName & "\" & CreateObject( "WScript.Network" ).UserName  ' Current user as COMPUTER\user
    TmpDir = CreateObject("Scripting.FileSystemObject").getspecialfolder(2) & "\"                               ' Temporary folder path (special folder 2)
    WinDir = CreateObject("wscript.Shell").ExpandenVironmentStrings("%windir%") & "\"                           ' Local %windir% folder path
    AppDataDir = CreateObject("WScript.Shell").SpecialFolders("AppData") & "\"                                  ' Local %AppData% folder path
    StartupDir = CreateObject("WScript.Shell").SpecialFolders("Startup") & "\"                                  ' Local Startup folder path
    MeDir = Left(WScript.ScriptFullName, InStrRev(WScript.ScriptFullName,"\"))                                  ' Folder that contains this script
    ' When the script sits on a network share, take the share's host name (UNCHost) so the caller can verify
    ' the location (If UNCHost <> "SerNTF02" Then WScript.Quit) and refuse to run from a local copy.
    ' For a path of the form \\host\share\... the expression yields the lower-cased host part; for a
    ' drive-letter path such as C:\... the computed length is 0 and the result is an empty string.
    UNCHost = LCase(Mid(WScript.ScriptFullName,InStr(WScript.ScriptFullName,"\\")+2,InStr(3,WScript.ScriptFullName,"\",1)-3))
End Sub


' ====================================================================================================
' 小函数
' Pause the script for sTime milliseconds.
Sub Sleep( sTime )
    Call WScript.Sleep(sTime)
End Sub
' Send the keystrokes in strKey to the window that currently has focus.
Sub SendKeys( strKey )
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    shell.SendKeys strKey
End Sub
' KeyCode - 按键代码:
' Shift +       *Ctrl ^     *Alt %     *BACKSP
