Execute WMI at different namespace - Roliat - 03-26-2018


I'm trying to set up a wmi module that returns the name of the Antivirus-Product. Therefore, I use this query from unix wmic-CLI:

wmic -U [domain]/Administrator%password //192.168.xx.xx "select displayname FROM AntiVirusProduct" --namespace=root\\SecurityCenter2

This query executes successfully and returns the name of the av-product of the given remote-host.

CLASS: AntiVirusProduct
Windows Defender|{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

When I create a new WMI-module via pandora_console, I enter all fields (query, namespace, login) corresponding to the query above. Note: the length of the namepace-field in html-form is only 20 chars long, need to update this value via DOM-Feature of firefox/chrome. But when done, I can enter more than 20 chars. This also needs to be fixed.

Anyway. After creating that module, the variable is still at "not initialized" state. I don't know what to do. I tried \\root\SecurityCenter2 and \root\SecurityCenter2 and other combinations. It seems, that "namespace" isn't respected at all. So I checked the "functions_wmi.php" at the "include" folder (just quickly overflew it), but couldn't find an error.

Can you help me please...? Thanks in advance!

Ok - got it working. In the "namespace"-field of the html input form, you have to use a "/" instead of "\", so that the namespace-string looks like this: "root/SecurityCenter2".

So, there is only one problem left: the maxlength-value of the namespace-field in the html input form. It can be temporarily modified via dev-console (ff/chrome), but that's not a long-term solution. But this fix should be last less than a minute for the pandora-dev-team Wink

RE: Execute WMI at different namespace - fraguas - 03-27-2018

Good morningĀ  Roliat :

Probably, if the module isnt initialized, maybe your sintaxis is wrong (for example: \ instead /, the space between '' and the content..)

Respecting the other doubt, we are gonna study as soon we can.

If you have doubts or problem, dont hesitate to contact with me again.

Best regards,