A Batch File to Check Up on Antivirus (or Other) Software

Now and then, I experienced the rude shock of discovering that my antivirus software was not running, when I assumed it was. Maybe I had intended to turn it off temporarily, so as not to interfere with a program installation, System Restore, or other activity; or maybe it just crashed. Whatever the reason, I didn’t like it. I did not want to go hours or days without noticing that my antivirus was turned off.

This concern could arise for other software as well. For instance, a user might assume that Firefox or Chrome would always be running, with a tab open to Google Calendar, so as to remind him/her of scheduled events. Generally, there did seem to be a need for a tool or technique that would check to make sure that one or more specified programs were running.

Variations on a search led to at least six sources presenting a number of seemingly well-developed solutions. I decided that I wanted the solution both to restart the antivirus program, if it wasn’t running, and also to notify me that there had been a problem.

I preferred a batch file solution, if possible. Compared to PowerShell and other scripting and programming tools, batch files seemed relatively simple for purposes of everyday fixes. Batch scripts could be complicated, but mine generally weren’t. Note that it would be possible to add, edit, and remove batch file lines at any time, to accommodate new hourly needs.

The specific programs I was concerned about were AVG Antivirus and Malwarebytes Anti-malware. This was tricky, insofar as I had just noticed that AVGSvc.exe (the program that I thought was responsible for AVG Antivirus) could be running, but it might be running just to give me a system tray icon that said, “Protection is OFF until your PC restarts.” That was exactly why I needed this batch script: I had no idea how long it had been that way, or why it got there.

When AVG was running, Task Manager (Run > taskmgr) gave me a list of several different AVG processes: AVGUI.exe, AVGSvc.exe, avgsvca.exe, aswidsagenta.exe, and avguix.exe. When I went to the system tray, selected the AVG icon, right-clicked on it, and changed it to “Protection is OFF,” the only one that disappeared was aswidsagenta.exe. So it seemed that was the one I should be testing for. The situation with Malwarebytes was simpler. If Malwarebytes didn’t have a window open onscreen, then Task Manager showed it as having only one running process, MBAMService.exe, and that disappeared when I went to the system tray and selected Quit Malwarebytes.

From some unknown source(s), I had already come up with most of the batch file commands needed for the job. At this point, I modified them to produce the following:

:: This is VERIFYRUNNING.BAT

:: This batch file verifies that specified security programs are running.

@echo off
SETLOCAL EnableExtensions

:: ********** Test for AVG Antivirus **********

set EXE=aswidsagenta.exe
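:: /I makes the comparison case-insensitive, since tasklist prints the image name in its on-disk case
FOR /F %%x IN ('tasklist /NH /FI "IMAGENAME eq %EXE%"') DO IF /I "%%x"=="%EXE%" goto MBAM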

:: AVG is not running; try to restart it
start "" "C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe"
cls

:: Pause with a notification
echo.
echo.
echo AVG had to be restarted. Not sure if it's running now.
echo.
echo.
echo Press any key to proceed to test Malwarebytes.
pause >nul

:MBAM

:: ********** Test for Malwarebytes **********

set EXE=MBAMService.exe
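:: /I makes the comparison case-insensitive, since tasklist prints the image name in its on-disk case
FOR /F %%x IN ('tasklist /NH /FI "IMAGENAME eq %EXE%"') DO IF /I "%%x"=="%EXE%" goto FIN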

:: Malwarebytes is not running; try to restart it
start "" "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
cls

:: Pause with a notification
echo.
echo.
echo Malwarebytes had to be restarted. Not sure if it's running now.
echo.
echo.
echo Press any key to close this window.
pause >nul

:FIN

This batch file was designed for just those two programs, but obviously it could be shrunk or enlarged to test any number of running processes.
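
The same check generalized to a list of programs, as an added example that is not from the original post: each entry goes through one subroutine, and every failure is written to a timestamped log, so there is a record of when a program went down and whether the restart took. The file name VERIFYLIST.BAT, the log location and the five-second wait are assumptions.

```batch
@echo off
:: VERIFYLIST.BAT (added example; file name, log path and wait time are assumptions)
:: Checks a list of processes, restarts any that are missing, and logs each
:: failure with a timestamp so you can see later when a program went down.
setlocal EnableExtensions

set "LOG=%USERPROFILE%\verifyrunning.log"
set "DOWN=0"

:: One line per program: image name, then the full path used to restart it.
:: These two entries are the ones from the batch file above.
call :Check "aswidsagenta.exe" "C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe"
call :Check "MBAMService.exe" "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

:: Stay silent when everything was running; otherwise notify and wait.
if %DOWN% EQU 0 exit /b 0
echo.
echo %DOWN% program(s) were not running. Details are in:
echo   "%LOG%"
echo.
echo Press any key to close this window.
pause >nul
:: A non-zero exit code shows up as the task's Last Run Result in Task Scheduler.
exit /b %DOWN%

:Check
:: %~1 = image name, %~2 = executable to start if the image is not running.
:: /FO CSV avoids the truncation of long image names in tasklist's table output.
tasklist /NH /FO CSV /FI "IMAGENAME eq %~1" 2>nul | find /I "%~1" >nul
if not errorlevel 1 exit /b 0

set /a DOWN+=1
>>"%LOG%" echo %DATE% %TIME% %~1 not running; attempting restart
if not exist "%~2" goto :NoFile
start "" "%~2"

:: Give the program a few seconds, then record whether it actually came up.
timeout /t 5 /nobreak >nul
tasklist /NH /FO CSV /FI "IMAGENAME eq %~1" 2>nul | find /I "%~1" >nul
if errorlevel 1 goto :StillDown
>>"%LOG%" echo %DATE% %TIME% %~1 is running again
exit /b 1

:StillDown
>>"%LOG%" echo %DATE% %TIME% %~1 still not running after restart attempt
exit /b 1

:NoFile
>>"%LOG%" echo %DATE% %TIME% %~1 restart skipped; file not found: "%~2"
exit /b 1
```

A running process is still only a proxy for protection being enabled, so the image name chosen for each entry should be one that actually disappears when protection is turned off.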

I set Task Scheduler (Run > taskschd.msc) to run this VERIFYRUNNING.BAT batch file once an hour. It seemed to work, in the sense that it did detect when the specified AVG file was not running. The upshot was that AVG was always running, except when it wasn’t; and when it wasn’t, I couldn’t get it to cooperate, so ultimately I uninstalled it and went with Avira instead. When Avira was running, I found these processes running in Task Manager with the Avira icon and/or name: avshadow.exe, avguard.exe, sched.exe, Avira.Systray.exe, Avira.ServiceHost.exe, avgnt.exe, and Avira.SoftwareUpdater.ServiceHost.exe. When I went to system tray > Avira icon > right-click > uncheck Enable Real-Time Protection, those processes all continued to run; the only visible change was in the icon for Avira.Systray.exe. In Task Manager, I saw that avguard.exe seemed to be using more system resources (i.e., CPU and memory) than any other, so I revised the batch file to test for avguard.exe.

Later, I found that there were one or two other tasks that I also wanted to run every hour, so I renamed the file and reconfigured the Task Scheduler task to be HOURLY.BAT. At that point, this little project joined my other batch files running on a schedule (e.g., DAILY.BAT).

There was another thing that I needed to fix. HOURLY.BAT would open in a full CMD window. I didn’t want that. Every hour, the window would distract me, obscure what I was looking at, and sometimes even steal keystrokes. I wanted that batch file to run in a hidden or minimized way. For that purpose, a search led to various suggestions, including these:

  • ComputerHope essentially recommended altering the Task Scheduler entry as follows: (1) the Program/script entry should be CMD.EXE, (2) the Add Arguments box should contain this: /c start /min HOURLY.BAT ^& exit, and (3) the Start In box should contain the path leading to the folder where HOURLY.BAT was stored. That worked for me. Its only sign of activity was a momentary addition to the taskbar, as the batch file executed and then quit.
  • A StackOverflow webpage offered multiple solutions, of which the easiest seemed to be to create a shortcut to the batch file and then run the shortcut via Task Scheduler.
  • Another StackOverflow webpage suggested using NirCMD exec hide "D:\Some Folder\Batch File.bat"

 
