Now and then, I experienced the rude shock of discovering that my antivirus software was not running, when I assumed it was. Maybe I had intended to turn it off temporarily, so as not to interfere with a program installation, System Restore, or other activity; or maybe it just crashed. Whatever the reason, I didn’t like it. I did not want to go hours or days without noticing that my antivirus was turned off.
This concern could arise for other software as well. For instance, a user might assume that Firefox or Chrome would always be running, with a tab open to Google Calendar, so as to remind him/her of scheduled events. Generally, there did seem to be a need for a tool or technique that would check to make sure that one or more specified programs were running.
Variations on a search led to at least 1 2 3 4 5 6 sources presenting a number of seemingly well-developed solutions. I decided that I wanted the solution both to restart the antivirus program, if it wasn’t running, and also to notify me that there had been a problem.
I preferred a batch file solution, if possible. Compared to PowerShell and other scripting and programming tools, batch files seemed relatively simple for purposes of everyday fixes. Batch scripts could be complicated, but mine generally weren’t. Note that it would be possible to add, edit, and remove batch file lines at any time, to accommodate new hourly needs.
Eventually I did come up with a batch file solution (below). I called it HOURLY.BAT, and created a Task Scheduler (Windows > WinKey-R > taskschd.msc) task for it. Thus, HOURLY.BAT joined my other batch files running on a schedule (e.g., DAILY.BAT).
Testing for Antivirus
The specific programs I was concerned about were AVG Antivirus and Malwarebytes Anti-malware. This was tricky, insofar as I had just noticed that AVGSvc.exe (the program that I thought was responsible for AVG Antivirus) could be running, but it might be running just to give me a system tray icon that said, “Protection is OFF until your PC restarts.” That was exactly why I needed this batch script: I had no idea how long it had been that way, or why it got there.
When AVG was running, Task Manager (Run > taskmgr) gave me a list of several different AVG processes: AVGUI.exe, AVGSvc.exe, avgsvca.exe, aswidsagenta.exe, and avguix.exe. When I went to the system tray, selected the AVG icon, right-clicked on it, and changed it to “Protection is OFF,” the only one that disappeared was aswidsagenta.exe. So it seemed that was the one I should be testing for. The situation with Malwarebytes was simpler. If Malwarebytes didn’t have a window open onscreen, then Task Manager showed it as having only one running process, MBAMService.exe, and that disappeared when I went to the system tray and selected Quit Malwarebytes.
Eventually I found was that AVG was always running, except when it wasn’t; and when it wasn’t, I couldn’t get it to cooperate, so ultimately I uninstalled it and went with Avira instead. When Avira was running, I found these processes running in Task Manager with the Avira icon and/or name: avshadow.exe, avguard.exe, sched.exe, Avira.Systray.exe, Avira.ServiceHost.exe, avgnt.exe, and Avira.SoftwareUpdater.ServiceHost.exe. When I went to system tray > Avira icon > right-click > uncheck Enable Real-Time Protection, those processes all continued to run; the only visible change was in the icon for Avira.Systray.exe. In Task Manager, I saw that avguard.exe seemed to be using more system resources (i.e., CPU and memory) than any other, so I revised the batch file to test for avguard.exe. That seemed to work.
Keeping It Small
As I say, I came up with a batch file and called it HOURLY.BAT; and then I created a task of that same name in Task Scheduler, and adjusted its Task Scheduler properties so that it would run every hour. That created another problem: HOURLY.BAT would open in a full CMD window. I didn’t want that. Every hour, that full window would distract me, obscure what I was looking at, and sometimes even steal keystrokes. I wanted that batch file to run in a hidden or minimized way. For that purpose, a search led to various suggestions, including these:
- ComputerHope essentially recommended altering the Task Scheduler entry as follows: (1) the Program/script entry should be CMD.EXE, (2) the Add Arguments box should contain this: /c start /min HOURLY.BAT ^& exit, and (3) the Start In box should contain the path leading to the folder where HOURLY.BAT was stored. That worked for me. Its only sign of activity was a momentary addition to the taskbar, as the batch file executed and then quit.
- A StackOverflow webpage offered multiple solutions, of which the easiest seemed to be to create a shortcut to the batch file and then run the shortcut via Task Scheduler.
- Another StackOverflow webpage suggested using NirCMD exec hide “D:\Some Folder\Batch File.bat”
I had the best luck with that last suggestion. The last line of HOURLY.BAT (below) uses NirCMD to run another batch file hidden. I think I needed to have a copy of nircmd.exe in C:\Windows to make NirCMD run. To run HOURLY.BAT hidden, I had to enter the relevant NirCMD parameters in the Task Scheduler dialog, as shown here:
The “Start in” folder is the place where HOURLY.BAT is stored.
The Batch File
The current version of HOURLY.BAT is shown below. Note that it tests to verify that the aforementioned antivirus programs are running, and it also does a few other things each hour. For instance, it creates a file called TodaysDate.txt, whose timestamp indicates the last time HOURLY.BAT ran. I found this file useful for telling me when a backup actually took place. It also corrects some of the unwanted (but constant) Windows 10 file renaming. Of course, it could do other things as desired.
:: This is HOURLY.BAT @echo off :: ********** Verify that Malwarebytes is running ********** SETLOCAL EnableExtensions set EXE=MBAMService.exe FOR /F %%x IN ('tasklist /NH /FI "IMAGENAME eq %EXE%"') DO IF %%x == %EXE% goto AVIRA :: Malwarebytes is not running; try to restart it start "" "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" cls :: Pause with a notification echo. echo. echo Malwarebytes had to be restarted. Not sure if it's running now. echo. echo. echo Press any key to continue. pause >nul :: ********** Verify that Avira is running ********** :AVIRA set EXE=avguard.exe FOR /F %%x IN ('tasklist /NH /FI "IMAGENAME eq %EXE%"') DO IF %%x == %EXE% goto ONWARD :: Avira is not running; try to restart it start "" "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" cls :: Pause with a notification echo. echo. echo Avira had to be restarted. Not sure if it's running now. echo. echo. echo Press any key to continue. pause >nul :: ********** Other Hourly Tasks ********** :ONWARD :: Create a file whose date and time will show the date and time of files being backed up del D:\TodaysDate.txt echo Today is %date% > D:\TodaysDate.txt :: Rename incorrectly named files and folders if exist D:\Pictures ren D:\Pictures Current :: Delete unwanted files and folders rd /s /q "D:\Current\Camera Roll" rd /s /q "D:\Current\Custom Office Templates" rd /s /q "D:\Current\Saved Pictures" rd /s /q "X:\Start Menu\Programs\Administrative Tools" attrib -r -s -h -a "D:\Current\desktop.ini" && del /f "D:\Current\desktop.ini" :: Run another batch file hidden nircmd exec hide "X:\Some Folder\Batch File.bat"
The odd location for Start Menu is due to my preference for a portable Start Menu.