├── Capture ├── 1.PNG ├── 2.PNG ├── 3.PNG ├── 4.PNG └── Capture5.png ├── README.md ├── WhatAV.py ├── whatav.cna └── av.json /Capture/1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StudyCat404/WhatAV/HEAD/Capture/1.PNG -------------------------------------------------------------------------------- /Capture/2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StudyCat404/WhatAV/HEAD/Capture/2.PNG -------------------------------------------------------------------------------- /Capture/3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StudyCat404/WhatAV/HEAD/Capture/3.PNG -------------------------------------------------------------------------------- /Capture/4.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StudyCat404/WhatAV/HEAD/Capture/4.PNG -------------------------------------------------------------------------------- /Capture/Capture5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StudyCat404/WhatAV/HEAD/Capture/Capture5.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # WhatAV 2 | windows pc端杀毒软件识别(需要tasklist 命令执行的结果) 3 | 也许提权或者上传其他利用程序之前,你想通过tasklist来判断目标服务器安装了什么杀毒软件,好进行针对性免杀。我从网络上收集了一些杀毒软件的名称及其进程名还有官网地址(一共112款国内外杀毒软件,401个进程名),写出python脚本方便日后查询。 4 | # 截图 5 | ![截图1](./Capture/1.PNG) 6 | ![截图2](./Capture/3.PNG) 7 | ![截图2](./Capture/Capture5.png) 8 | 9 | -------------------------------------------------------------------------------- /WhatAV.py: -------------------------------------------------------------------------------- 1 | # coding : utf-8 2 | 3 | import json 4 | import re 5 | import argparse 6 | 7 | def logo(): 8 | print(""" 9 | _____ _ _ _____ _ 10 | / ____| | | | / ____| | | 11 | | (___ | |_ _ _ __| |_ _| | __ _| |_ 12 | \___ \| __| | | |/ _` | | | | | / _` | __| 13 | ____) | |_| |_| | (_| | |_| | |___| (_| | |_ 14 | |_____/ \__|\__,_|\__,_|\__, |\_____\__,_|\__| 15 | __/ | 16 | |___/ 17 | 18 | https://www.cnblogs.com/StudyCat/ 19 | 20 | """) 21 | 22 | def loadApps(file): 23 | try: 24 | with open(file,"r",encoding='utf-8') as f: 25 | contents = f.read() 26 | return json.loads(contents) 27 | except Exception as e: 28 | print(e) 29 | return 30 | 31 | def parseTasklist(file): 32 | with open(file,"r") as f: 33 | output = f.read() 34 | if output: 35 | result = pattern.findall(output) 36 | if result: 37 | return result 38 | return 39 | 40 | def addDetected(av,process,url): 41 | global scanResult 42 | if av not in scanResult.keys(): 43 | scanResult[av] = {} 44 | scanResult[av]["processes"] = [] 45 | scanResult[av]["url"] = "" 46 | 47 | scanResult[av]["processes"].append(process) 48 | scanResult[av]["url"] = url 49 | 50 | def whatAV(task): 51 | for av in apps.keys(): 52 | for process in apps[av]["processes"]: 53 | if process.lower() == task.lower(): 54 | addDetected(av,task,apps[av]["url"]) 55 | 56 | def get_args(): 57 | global args 58 | 59 | parser = argparse.ArgumentParser('sameIP.py', formatter_class=lambda prog:argparse.HelpFormatter(prog,max_help_position=40)) 60 | parser.add_argument('-f', '--file', help='File containing tasklist output', dest='file', required=False) 61 | parser.add_argument('-p', '--process', help='Process name', dest='process', required=False) 62 | args = parser.parse_args() 63 | 64 | def main(): 65 | global apps,pattern,scanResult 66 | scanResult = {} 67 | apps = loadApps("av.json") 68 | 69 | if args.file: 70 | pattern = re.compile(".+\.exe",re.I) 71 | tasklist = parseTasklist(args.file) 72 | 73 | if tasklist: 74 | tasklist = list(set(tasklist)) 75 | for task in tasklist: 76 | whatAV(task) 77 | 78 | if args.process: 79 | whatAV(args.process) 80 | 81 | if scanResult: 82 | for av in scanResult.keys(): 83 | print("Antivirus: %s\tProcess: %s\tURL: %s" % (av," , ".join(scanResult[av]["processes"]),scanResult[av]["url"])) 84 | else: 85 | print("No Antivirus found") 86 | 87 | if __name__ == "__main__": 88 | logo() 89 | get_args() 90 | main() 91 | -------------------------------------------------------------------------------- /whatav.cna: -------------------------------------------------------------------------------- 1 | #author: studycat 2 | #blog: https://www.cnblogs.com/studycat 3 | #github: https://github.com/StudyCat404 4 | #teston: CS 4.0 & Windows 5 | #update: 20201129 6 | 7 | $db = %( 8 | ALYac => %( processes => @("aylaunch.exe","ayupdate2.exe","AYRTSrv.exe","AYAgent.exe",), url => "https://en.estsecurity.com/"), 9 | AVG => %( processes => @("AVGSvc.exe","AVGUI.exe","avgwdsvc.exe","avg.exe","avgaurd.exe","avgemc.exe","avgrsx.exe","avgserv.exe","avgw.exe",), url => "https://www.avg.com/"), 10 | Acronis => %( processes => @("arsm.exe","acronis_license_service.exe",), url => "https://www.acronis.com/"), 11 | Ad-Aware => %( processes => @("AdAwareService.exe","Ad-Aware.exe","AdAware.exe",), url => "https://www.adaware.com/"), 12 | AhnLab-V3 => %( processes => @("patray.exe","V3Svc.exe",), url => "https://global.ahnlab.com/site/main.do"), 13 | Arcabit => %( processes => @("arcavir.exe","arcadc.exe","ArcaVirMaster.exe","ArcaMainSV.exe","ArcaTasksService.exe",), url => "https://www.arcabit.pl"), 14 | Avast => %( processes => @("ashDisp.exe","AvastUI.exe","AvastSvc.exe","AvastBrowser.exe","AfwServ.exe",), url => "https://www.avast.com"), 15 | Avira AntiVirus => %( processes => @("avcenter.exe","avguard.exe","avgnt.exe","sched.exe",), url => "https://www.avira.com/"), 16 | Baidu Antivirus => %( processes => @("BaiduSdSvc.exe","BaiduSdTray.exe","BaiduSd.exe","bddownloader.exe","baiduansvx.exe",), url => "https://anquan.baidu.com/"), 17 | BitDefender => %( processes => @("Bdagent.exe","BitDefenderCom.exe","vsserv.exe","bdredline.exe","bdservicehost.exe",), url => "http://www.bitdefender.com/"), 18 | Bkav => %( processes => @("BKavService.exe","Bka.exe","BkavUtil.exe","BLuPro.exe",), url => "https://www.bkav.com/"), 19 | CAT-QuickHeal => %( processes => @("QUHLPSVC.exe","onlinent.exe","sapissvc.exe","scanwscs.exe",), url => "https://www.quickheal.com/"), 20 | ClamAV => %( processes => @("freshclam.exe",), url => "https://www.clamav.net"), 21 | Comodo => %( processes => @("cpf.exe","cavwp.exe","ccavsrv.exe","cmdvirth.exe",), url => "https://www.comodo.com"), 22 | CrowdStrike Falcon => %( processes => @("csfalconservice.exe","CSFalconContainer.exe",), url => "https://www.crowdstrike.com"), 23 | Cybereason => %( processes => @("CybereasonRansomFree.exe","CybereasonRansomFreeServiceHost.exe","CybereasonAV.exe",), url => "https://www.cybereason.com/"), 24 | Cylance => %( processes => @("CylanceSvc.exe",), url => "https://www.cylance.com"), 25 | Cyren => %( processes => @("vsedsps.exe","vseamps.exe","vseqrts.exe",), url => "http://www.cyren.com/"), 26 | DrWeb => %( processes => @("drwebcom.exe","spidernt.exe","drwebscd.exe","drweb32w.exe","dwengine.exes",), url => "https://www.drweb.com/"), 27 | ESET-NOD32 => %( processes => @("egui.exe","ecls.exe","ekrn.exe","eguiProxy.exe","EShaSrv.exe",), url => "https://www.eset.com/us/home/antivirus/"), 28 | Emsisoft => %( processes => @("a2cmd.exe","a2guard.exe",), url => "https://www.emsisoft.com/"), 29 | Endgame => %( processes => @("endgame.exe",), url => "https://www.endgame.com/"), 30 | F-Prot => %( processes => @("F-PROT.exe","FProtTray.exe","FPAVServer.exe","f-stopw.exe","f-prot95.exe","f-agnt95.exe",), url => "http://f-prot.com/"), 31 | F-Secure => %( processes => @("f-secure.exe","fssm32.exe","Fsorsp64.exe","fsavgui.exe","fameh32.exe","fch32.exe","fih32.exe","fnrb32.exe","fsav32.exe","fsma32.exe","fsmb32.exe",), url => "https://www.f-secure.com"), 32 | FireEye => %( processes => @("xagtnotif.exe","xagt.exe",), url => "https://www.fireeye.com/"), 33 | Fortinet => %( processes => @("FortiClient.exe","FortiTray.exe","FortiScand.exe",), url => "https://fortiguard.com/"), 34 | GData => %( processes => @("AVK.exe","avkcl.exe","avkpop.exe","avkservice.exe","GDScan.exe","AVKWCtl.exe","AVKProxy.exe","AVKBackupService.exe",), url => "https://www.gdatasoftware.com/"), 35 | Ikarus => %( processes => @("guardxservice.exe","guardxkickoff.exe",), url => "https://www.ikarussecurity.com/"), 36 | Jiangmin => %( processes => @("KVFW.exe","KVsrvXP.exe","KVMonXP.exe","KVwsc.exe",), url => "https://www.jiangmin.com/"), 37 | K7AntiVirus => %( processes => @("K7TSecurity.exe","K7TSMain.Exe","K7TSUpdT.exe",), url => "http://viruslab.k7computing.com/"), 38 | Kaspersky => %( processes => @("avp.exe","avpcc.exe","avpm.exe","kavpf.exe","kavfs.exe","klnagent.exe","kavtray.exe","kavfswp.exe",), url => "https://www.kaspersky.com"), 39 | Kingsoft => %( processes => @("kxetray.exe","ksafe.exe","KSWebShield.exe","kpfwtray.exe","KWatch.exe","KSafeSvc.exe","KSafeTray.exe",), url => "http://www.duba.net/"), 40 | Max Secure Software => %( processes => @("SDSystemTray.exe","MaxRCSystemTray.exe","RCSystemTray.exe",), url => "https://www.maxpcsecure.com/"), 41 | Malwarebytes => %( processes => @("MBAMService.exe","mbam.exe","mbamtray.exe",), url => "https://www.malwarebytes.com/"), 42 | McAfee => %( processes => @("Mcshield.exe","Tbmon.exe","Frameworkservice.exe","firesvc.exe","firetray.exe","hipsvc.exe","mfevtps.exe","mcafeefire.exe","shstat.exe","vstskmgr.exe","engineserver.exe","alogserv.exe","avconsol.exe","cmgrdian.exe","cpd.exe","mcmnhdlr.exe","mcvsshld.exe","mcvsrte.exe","mghtml.exe","mpfservice.exe","mpfagent.exe","mpftray.exe","vshwin32.exe","vsstat.exe","guarddog.exe",), url => "https://www.mcafee.com/en-us"), 43 | Microsoft defender => %( processes => @("MsMpEng.exe","mssecess.exe","emet_service.exe","drwatson.exe","MpCmdRun.exe","NisSrv.exe","MsSense.exe","MSASCui.exe","MSASCuiL.exe","SecurityHealthService.exe",), url => "https://support.microsoft.com/"), 44 | NANO-Antivirus => %( processes => @("nanoav.exe","nanoav64.exe","nanoreport.exe","nanoreportc.exe","nanoreportc64.exe","nanorst.exe","nanosvc.exe",), url => "https://nano-av.com/"), 45 | a-squared free => %( processes => @("a2guard.exe","a2free.exe","a2service.exe",), url => "https://baike.baidu.com/item/a-squared%20Free/481873?fr=aladdin"), 46 | Palo Alto Networks => %( processes => @("PanInstaller.exe",), url => "https://www.paloaltonetworks.com/"), 47 | Panda Security => %( processes => @("remupd.exe","apvxdwin.exe","pavproxy.exe","pavsched.exe",), url => "https://www.pandasecurity.com/"), 48 | Qihoo-360 => %( processes => @("360sd.exe","360tray.exe","ZhuDongFangYu.exe","360rp.exe","360safe.exe","360safebox.exe","QHActiveDefense.exe","360skylarsvc.exe","LiveUpdate360.exe",), url => "https://sd.360.cn/"), 49 | Rising => %( processes => @("RavMonD.exe","rfwmain.exe","RsMgrSvc.exe",), url => "http://antivirus.rising.com.cn/"), 50 | SUPERAntiSpyware => %( processes => @("superantispyware.exe","sascore.exe","SAdBlock.exe","sabsvc.exe",), url => "http://www.superadblocker.com/"), 51 | SecureAge APEX => %( processes => @("UniversalAVService.exe","EverythingServer.exe","clamd.exe",), url => "https://www.secureage.com/"), 52 | SentinelOne (Static ML) => %( processes => @(), url => "https://www.sentinelone.com/"), 53 | Sophos AV => %( processes => @("SavProgress.exe","SophosUI.exe","SophosFS.exe","SophosHealth.exe","SophosSafestore64.exe","SophosCleanM.exe","icmon.exe","SavMain.exe",), url => "https://www.sophos.com/"), 54 | Symantec => %( processes => @("ccSetMgr.exe","ccapp.exe","vptray.exe","ccpxysvc.exe","cfgwiz.exe","smc.exe","symproxysvc.exe","vpc32.exe","lsetup.exe","luall.exe","lucomserver.exe","sbserv.exe","ccEvtMgr.exe",), url => "http://www.symantec.com/"), 55 | TACHYON => %( processes => @(), url => "https://www.tachyonlab.com/en/index.html"), 56 | Tencent => %( processes => @("QQPCRTP.exe","QQPCTray.exe","QQPCMgr.exe","QQPCNetFlow.exe","QQPCRealTimeSpeedup.exe",), url => "https://guanjia.qq.com"), 57 | TotalDefense => %( processes => @("AMRT.exe","SWatcherSrv.exe","Prd.ManagementConsole.exe",), url => "https://www.totaldefense.com"), 58 | Trapmine => %( processes => @("TrapmineEnterpriseService.exe","TrapmineEnterpriseConfig.exe","TrapmineDeployer.exe","TrapmineUpgradeService.exe",), url => "https://trapmine.com/"), 59 | TrendMicro => %( processes => @("TMBMSRV.exe","ntrtscan.exe","Pop3Trap.exe","WebTrap.exe","PccNTMon.exe",), url => "http://careers.trendmicro.com.cn/"), 60 | VIPRE => %( processes => @("SBAMSvc.exe","VipreEdgeProtection.exe","SBAMTray.exe",), url => "https://www.vipre.com"), 61 | ViRobot => %( processes => @("vrmonnt.exe","vrmonsvc.exe","Vrproxyd.exe",), url => "http://www.hauri.net/"), 62 | Webroot => %( processes => @("npwebroot.exe","WRSA.exe","spysweeperui.exe",), url => "https://www.webroot.com/us/en"), 63 | Yandex => %( processes => @("Yandex.exe","YandexDisk.exe","yandesk.exe",), url => "https://yandex.com/support/common/security/antiviruses-free.html"), 64 | Zillya => %( processes => @("zillya.exe","ZAVAux.exe","ZAVCore.exe",), url => "https://zillya.com"), 65 | ZoneAlarm => %( processes => @("vsmon.exe","zapro.exe","zonealarm.exe",), url => "https://www.zonealarm.com/"), 66 | Zoner => %( processes => @("ZPSTray.exe",), url => "https://zonerantivirus.com/"), 67 | eGambit => %( processes => @("dasc.exe","dastray.exe","memscan64.exe","dastray.exe",), url => "https://egambit.app/en/"), 68 | eScan => %( processes => @("consctl.exe","mwaser.exe","avpmapp.exe",), url => "https://www.escanav.com/"), 69 | Lavasoft => %( processes => @("AAWTray.exe","LavasoftTcpService.exe","AdAwareTray.exe","WebCompanion.exe","WebCompanionInstaller.exe","adawarebp.exe",), url => "https://www.lavasoft.com/"), 70 | The Cleaner => %( processes => @("cleaner8.exe",), url => ""), 71 | VBA32 => %( processes => @("vba32lder.exe",), url => "http://www.anti-virus.by/en/index.shtml"), 72 | Mongoosa => %( processes => @("MongoosaGUI.exe","mongoose.exe",), url => "https://www.securitymongoose.com/"), 73 | Coranti2012 => %( processes => @("CorantiControlCenter32.exe",), url => "https://www.coranti.com"), 74 | UnThreat => %( processes => @("UnThreat.exe","utsvc.exe",), url => "https://softplanet.com/UnThreat-AntiVirus"), 75 | Shield Antivirus => %( processes => @("CKSoftShiedAntivirus4.exe","shieldtray.exe",), url => "https://shieldapps.com/supportmain/shield-antivirus-support/"), 76 | VIRUSfighter => %( processes => @("AVWatchService.exe","vfproTray.exe",), url => "https://www.spamfighter.com/VIRUSfighter/"), 77 | Immunet => %( processes => @("iptray.exe",), url => "https://www.immunet.com/index"), 78 | PSafe => %( processes => @("PSafeSysTray.exe","PSafeCategoryFinder.exe","psafesvc.exe",), url => "https://www.psafe.com/"), 79 | nProtect => %( processes => @("nspupsvc.exe","Npkcmsvc.exe","npnj5Agent.exe",), url => "http://nos.nprotect.com/"), 80 | Spyware Terminator => %( processes => @("SpywareTerminatorShield.exe","SpywareTerminator.exe",), url => "http://www.spywareterminator.com/Default.aspx"), 81 | Norton => %( processes => @("ccSvcHst.exe","rtvscan.exe","ccapp.exe","NPFMntor.exe","ccRegVfy.exe","vptray.exe","iamapp.exe","nav.exe","navapw32.exe","navapsvc.exe","nisum.exe","nmain.exe","nprotect.exe","smcGui.exe",), url => "https://us.norton.com/"), 82 | Safedog => %( processes => @("safedog.exe","SafeDogGuardCenter.exe","safedogupdatecenter.exe","safedogguardcenter.exe","SafeDogSiteIIS.exe","SafeDogTray.exe","SafeDogServerUI.exe",), url => "http://www.safedog.cn/"), 83 | micropoint => %( processes => @("MPMon.exe",), url => "http://www.micropoint.com.cn/"), 84 | D Safe => %( processes => @("D_Safe_Manage.exe","d_manage.exe",), url => "http://www.d99net.net/"), 85 | Yunsuo => %( processes => @("yunsuo_agent_service.exe","yunsuo_agent_daemon.exe",), url => "https://www.yunsuo.com.cn/"), 86 | HWS => %( processes => @("HwsPanel.exe","hws_ui.exe","hws.exe","hwsd.exe",), url => "https://www.hws.com/"), 87 | Huorong => %( processes => @("hipstray.exe","wsctrl.exe","usysdiag.exe","HipsDaemon.exe","HipsLog.exe","HipsMain.exe","usysdiag.exe","wsctrl.exe",), url => "https://www.huorong.cn/"), 88 | SPHINX firewall => %( processes => @("SPHINX.exe",), url => ""), 89 | Enhanced Mitigation Experience Toolkit => %( processes => @("emet_agent.exe","emet_service.exe",), url => "https://www.microsoft.com/"), 90 | H+BEDV Datentechnik GmbH => %( processes => @("avwin.exe","avwupsrv.exe",), url => "http://www.free-av.com/"), 91 | IBM ISS Proventia => %( processes => @("blackd.exe","rapapp.exe",), url => ""), 92 | eEye Digital Security => %( processes => @("eeyeevnt.exe","blink.exe",), url => ""), 93 | TamoSoft => %( processes => @("cv.exe","ent.exe",), url => "https://www.tamos.com/"), 94 | Kerio Personal Firewall => %( processes => @("persfw.exe","wrctrl.exe",), url => "http://www.kerio.com/"), 95 | Simplysup => %( processes => @("Trjscan.exe",), url => "https://www.simplysup.com/"), 96 | PC Tools AntiVirus => %( processes => @("PCTAV.exe","pctsGui.exe",), url => "http://www.pctools.com"), 97 | VirusBuster Professional => %( processes => @("vbcmserv.exe",), url => "http://www.virusbuster.hu"), 98 | ClamWin => %( processes => @("ClamTray.exe","clamscan.exe",), url => "http://www.clamwin.com/"), 99 | Antiy-AVL => %( processes => @("kxetray.exe","kscan.exe","AMediumManager.exe","kismain.exe",), url => "https://antiy.cn/"), 100 | CMC => %( processes => @("CMCTrayIcon.exe","CMCNECore.exe","cmcepagent.exe","cmccore.exe","CMCLog.exe","CMCFMon.exe",), url => "https://cmccybersecurity.com/giai-phap/"), 101 | Kingsoft => %( processes => @("kxescore.exe","kupdata.exe","kxetray.exe","kwsprotect64.exe",), url => "http://www.ijinshan.com/"), 102 | Agnitum outpost => %( processes => @("outpost.exe","acs.exe",), url => "https://agnitum-outpost-security-suite.en.softonic.com/"), 103 | Cynet => %(processes => @("CynetLauncher.exe","CynetDS.exe","CynetEPS.exe","CynetMS.exe","CynetAR.exe","CynetGW.exe","CynetSD64.exe"), url => "https://www.cynet.com/"), 104 | Elastic => %(processes => @("winlogbeat.exe"), url => "https://www.elastic.co/"), 105 | MaxSecure => %(processes => @("MaxAVPlusDM.exe","MaxRCSystemTray.exe","RCSystemTray.exe","SDSystemTray.exe","LiveUpdateSD.exe"), url => "https://maxsecureantivirus.com/") 106 | ); 107 | 108 | command foo { 109 | println($db) 110 | } 111 | 112 | alias("whatav", { 113 | bps($1, &bwhatav); 114 | }); 115 | 116 | sub bwhatav { 117 | local('$flag $h1 $h2 $h3'); 118 | $flag = 0; 119 | @array = @("test"); 120 | 121 | $a = split("\n",$2); 122 | foreach $entry ($a){ 123 | $b = split("\t",$entry); 124 | if ($b[0] in @array){ 125 | #pass 126 | }else{ 127 | add(@array, $b[0]); 128 | } 129 | } 130 | 131 | $h1 = "Antivirus"; 132 | $h2 = "Process"; 133 | $h3 = "URL"; 134 | blog2($1, "$[20]h1 $[20]h2 $h3"); 135 | 136 | foreach $t (@array){ 137 | foreach $var (keys($db)){ 138 | foreach $p ($db[$var]["processes"]){ 139 | $url = $db[$var]['url']; 140 | if (lc($p) eq lc($t)){ 141 | $flag = 1; 142 | blog2($1, "\c7$[20]var $[20]t $url"); 143 | break; 144 | } 145 | } 146 | } 147 | } 148 | 149 | if ($flag < 1){ 150 | blog2($1, "\c3No Antivirus found!"); 151 | } 152 | } 153 | -------------------------------------------------------------------------------- /av.json: -------------------------------------------------------------------------------- 1 | { 2 | "ALYac":{ 3 | "processes":["aylaunch.exe","ayupdate2.exe","AYRTSrv.exe","AYAgent.exe"], 4 | "url":"https://en.estsecurity.com/"}, 5 | "AVG":{ 6 | "processes":["AVGSvc.exe","AVGUI.exe","avgwdsvc.exe","avg.exe","avgaurd.exe","avgemc.exe","avgrsx.exe","avgserv.exe","avgw.exe"], 7 | "url":"https://www.avg.com/"}, 8 | "Acronis":{ 9 | "processes":["arsm.exe","acronis_license_service.exe"], 10 | "url":"https://www.acronis.com/"}, 11 | "Ad-Aware":{ 12 | "processes":["AdAwareService.exe","Ad-Aware.exe","AdAware.exe"], 13 | "url":"https://www.adaware.com/"}, 14 | "AhnLab-V3":{ 15 | "processes":["patray.exe","V3Svc.exe"], 16 | "url":"https://global.ahnlab.com/site/main.do"}, 17 | "Arcabit":{ 18 | "processes":["arcavir.exe","arcadc.exe","ArcaVirMaster.exe","ArcaMainSV.exe","ArcaTasksService.exe"], 19 | "url":"https://www.arcabit.pl"}, 20 | "Avast":{ 21 | "processes":["ashDisp.exe","AvastUI.exe","AvastSvc.exe","AvastBrowser.exe","AfwServ.exe"], 22 | "url":"https://www.avast.com"}, 23 | "Avira AntiVirus":{ 24 | "processes":["avcenter.exe","avguard.exe","avgnt.exe","sched.exe"], 25 | "url":"https://www.avira.com/"}, 26 | "Baidu AntiVirus":{ 27 | "processes":["BaiduSdSvc.exe","BaiduSdTray.exe","BaiduSd.exe","bddownloader.exe","baiduansvx.exe"], 28 | "url":"https://anquan.baidu.com/"}, 29 | "BitDefender":{ 30 | "processes":["Bdagent.exe","BitDefenderCom.exe","vsserv.exe","bdredline.exe","bdservicehost.exe"], 31 | "url":"http://www.bitdefender.com/"}, 32 | "Bkav":{ 33 | "processes":["BKavService.exe","Bka.exe","BkavUtil.exe","BLuPro.exe"], 34 | "url":"https://www.bkav.com/"}, 35 | "CAT-QuickHeal":{ 36 | "processes":["QUHLPSVC.exe","onlinent.exe","sapissvc.exe","scanwscs.exe"], 37 | "url":"https://www.quickheal.com/"}, 38 | "CMC":{ 39 | "processes":["CMCTrayIcon.exe"], 40 | "url":"https://cmccybersecurity.com/"}, 41 | "ClamAV":{ 42 | "processes":["freshclam.exe"], 43 | "url":"https://www.clamav.net"}, 44 | "Comodo":{ 45 | "processes":["cpf.exe","cavwp.exe","ccavsrv.exe","cmdvirth.exe"], 46 | "url":"https://www.comodo.com"}, 47 | "CrowdStrike Falcon":{ 48 | "processes":["csfalconservice.exe","CSFalconContainer.exe"], 49 | "url":"https://www.crowdstrike.com"}, 50 | "Cybereason":{ 51 | "processes":["CybereasonRansomFree.exe","CybereasonRansomFreeServiceHost.exe","CybereasonAV.exe"], 52 | "url":"https://www.cybereason.com/"}, 53 | "Cylance":{ 54 | "processes":["CylanceSvc.exe"], 55 | "url":"https://www.cylance.com"}, 56 | "Cyren":{ 57 | "processes":["vsedsps.exe","vseamps.exe","vseqrts.exe"], 58 | "url":"http://www.cyren.com/"}, 59 | "DrWeb":{ 60 | "processes":["drwebcom.exe","spidernt.exe","drwebscd.exe","drweb32w.exe","dwengine.exes"], 61 | "url":"https://www.drweb.com/"}, 62 | "ESET-NOD32":{ 63 | "processes":["egui.exe","ecls.exe","ekrn.exe","eguiProxy.exe","EShaSrv.exe"], 64 | "url":"https://www.eset.com/us/home/antivirus/"}, 65 | "Emsisoft":{ 66 | "processes":["a2cmd.exe","a2guard.exe"], 67 | "url":"https://www.emsisoft.com/"}, 68 | "Endgame":{ 69 | "processes":["endgame.exe"], 70 | "url":"https://www.endgame.com/"}, 71 | "F-Prot":{ 72 | "processes":["F-PROT.exe","FProtTray.exe","FPAVServer.exe","f-stopw.exe","f-prot95.exe","f-agnt95.exe"], 73 | "url":"http://f-prot.com/"}, 74 | "F-Secure":{ 75 | "processes":["f-secure.exe","fssm32.exe","Fsorsp64.exe","fsavgui.exe","fameh32.exe","fch32.exe","fih32.exe","fnrb32.exe","fsav32.exe","fsma32.exe","fsmb32.exe"], 76 | "url":"https://www.f-secure.com"}, 77 | "FireEye":{ 78 | "processes":["xagtnotif.exe","xagt.exe"], 79 | "url":"https://www.fireeye.com/"}, 80 | "Fortinet":{ 81 | "processes":["FortiClient.exe","FortiTray.exe","FortiScand.exe"], 82 | "url":"https://fortiguard.com/"}, 83 | "GData":{ 84 | "processes":["AVK.exe","avkcl.exe","avkpop.exe","avkservice.exe","GDScan.exe","AVKWCtl.exe","AVKProxy.exe","AVKBackupService.exe"], 85 | "url":"https://www.gdatasoftware.com/"}, 86 | "Ikarus":{ 87 | "processes":["guardxservice.exe","guardxkickoff.exe"], 88 | "url":"https://www.ikarussecurity.com/"}, 89 | "Jiangmin":{ 90 | "processes":["KVFW.exe","KVsrvXP.exe","KVMonXP.exe","KVwsc.exe"], 91 | "url":"https://www.jiangmin.com/"}, 92 | "K7AntiVirus":{ 93 | "processes":["K7TSecurity.exe","K7TSMain.Exe","K7TSUpdT.exe"], 94 | "url":"http://viruslab.k7computing.com/"}, 95 | "Kaspersky":{ 96 | "processes":["avp.exe","avpcc.exe","avpm.exe","kavpf.exe","kavfs.exe","klnagent.exe","kavtray.exe","kavfswp.exe"], 97 | "url":"https://www.kaspersky.com"}, 98 | "Kingsoft":{ 99 | "processes":["kxetray.exe","ksafe.exe","KSWebShield.exe","kpfwtray.exe","KWatch.exe","KSafeSvc.exe","KSafeTray.exe"], 100 | "url":"http://www.duba.net/"}, 101 | "Max Secure Software":{ 102 | "processes":["SDSystemTray.exe","MaxRCSystemTray.exe","RCSystemTray.exe"], 103 | "url":"https://www.maxpcsecure.com/"}, 104 | "Malwarebytes":{ 105 | "processes":["MalwarebytesPortable.exe","Mbae.exe","MBAMIService.exe","mbamdor.exe"], 106 | "url":"http://www.malwarebytes.org/"}, 107 | "McAfee":{ 108 | "processes":["Mcshield.exe","Tbmon.exe","Frameworkservice.exe","firesvc.exe","firetray.exe","hipsvc.exe","mfevtps.exe","mcafeefire.exe","shstat.exe","vstskmgr.exe","engineserver.exe","alogserv.exe","avconsol.exe","cmgrdian.exe","cpd.exe","mcmnhdlr.exe","mcvsshld.exe","mcvsrte.exe","mghtml.exe","mpfservice.exe","mpfagent.exe","mpftray.exe","vshwin32.exe","vsstat.exe","guarddog.exe"], 109 | "url":"https://www.mcafee.com/en-us"}, 110 | "Microsoft security essentials":{ 111 | "processes":["MsMpEng.exe","mssecess.exe","emet_service.exe","drwatson.exe","MpCmdRun.exe","NisSrv.exe","MsSense.exe","MSASCui.exe","MSASCuiL.exe","SecurityHealthService.exe"], 112 | "url":"https://support.microsoft.com/en-us/help/17150/windows-7-what-is-microsoft-security-essentials"}, 113 | "NANO-Antivirus":{ 114 | "processes":["nanoav.exe","nanoav64.exe","nanoreport.exe","nanoreportc.exe","nanoreportc64.exe","nanorst.exe","nanosvc.exe"], 115 | "url":"https://nano-av.com/"}, 116 | "a-squared free":{ 117 | "processes":["a2guard.exe","a2free.exe","a2service.exe"], 118 | "url":"https://baike.baidu.com/item/a-squared%20Free/481873?fr=aladdin"}, 119 | "Palo Alto Networks":{ 120 | "processes":["PanInstaller.exe"], 121 | "url":"https://www.paloaltonetworks.com/"}, 122 | "Panda Security":{ 123 | "processes":["remupd.exe","apvxdwin.exe","pavproxy.exe","pavsched.exe"], 124 | "url":"https://www.pandasecurity.com/"}, 125 | "Qihoo-360":{ 126 | "processes":["360sd.exe","360tray.exe","ZhuDongFangYu.exe","360rp.exe","360safe.exe","360safebox.exe","QHActiveDefense.exe","360skylarsvc.exe","LiveUpdate360.exe"], 127 | "url":"https://sd.360.cn/"}, 128 | "Rising":{ 129 | "processes":["RavMonD.exe","rfwmain.exe","RsMgrSvc.exe"], 130 | "url":"http://antivirus.rising.com.cn/"}, 131 | "SUPERAntiSpyware":{ 132 | "processes":["superantispyware.exe","sascore.exe","SAdBlock.exe","sabsvc.exe"], 133 | "url":"http://www.superadblocker.com/"}, 134 | "SecureAge APEX":{ 135 | "processes":["UniversalAVService.exe","EverythingServer.exe","clamd.exe"], 136 | "url":"https://www.secureage.com/"}, 137 | "SentinelOne (Static ML)":{ 138 | "processes":[], 139 | "url":"https://www.sentinelone.com/"}, 140 | "Sophos AV":{ 141 | "processes":["SavProgress.exe","SophosUI.exe","SophosFS.exe","SophosHealth.exe","SophosSafestore64.exe","SophosCleanM.exe","icmon.exe","SavMain.exe"], 142 | "url":"https://www.sophos.com/"}, 143 | "Symantec":{ 144 | "processes":["ccSetMgr.exe","ccapp.exe","vptray.exe","ccpxysvc.exe","cfgwiz.exe","smc.exe","symproxysvc.exe","vpc32.exe","lsetup.exe","luall.exe","lucomserver.exe","sbserv.exe","ccEvtMgr.exe"], 145 | "url":"http://www.symantec.com/"}, 146 | "TACHYON":{ 147 | "processes":[], 148 | "url":"https://www.tachyonlab.com/en/index.html"}, 149 | "Tencent":{ 150 | "processes":["QQPCRTP.exe","QQPCTray.exe","QQPCMgr.exe","QQPCNetFlow.exe","QQPCRealTimeSpeedup.exe"], 151 | "url":"https://guanjia.qq.com"}, 152 | "TotalDefense":{ 153 | "processes":["AMRT.exe","SWatcherSrv.exe","Prd.ManagementConsole.exe"], 154 | "url":"https://www.totaldefense.com"}, 155 | "Trapmine":{ 156 | "processes":["TrapmineEnterpriseService.exe","TrapmineEnterpriseConfig.exe","TrapmineDeployer.exe","TrapmineUpgradeService.exe"], 157 | "url":"https://trapmine.com/"}, 158 | "TrendMicro":{ 159 | "processes":["TMBMSRV.exe","ntrtscan.exe","Pop3Trap.exe","WebTrap.exe","PccNTMon.exe"], 160 | "url":"http://careers.trendmicro.com.cn/"}, 161 | "VIPRE":{ 162 | "processes":["SBAMSvc.exe","VipreEdgeProtection.exe","SBAMTray.exe"], 163 | "url":"https://www.vipre.com"}, 164 | "ViRobot":{ 165 | "processes":["vrmonnt.exe","vrmonsvc.exe","Vrproxyd.exe"], 166 | "url":"http://www.hauri.net/"}, 167 | "Webroot":{ 168 | "processes":["npwebroot.exe","WRSA.exe","spysweeperui.exe"], 169 | "url":"https://www.webroot.com/us/en"}, 170 | "Yandex":{ 171 | "processes":["Yandex.exe","YandexDisk.exe","yandesk.exe"], 172 | "url":"https://yandex.com/support/common/security/antiviruses-free.html"}, 173 | "Zillya":{ 174 | "processes":["zillya.exe","ZAVAux.exe","ZAVCore.exe"], 175 | "url":"https://zillya.com"}, 176 | "ZoneAlarm":{ 177 | "processes":["vsmon.exe","zapro.exe","zonealarm.exe"], 178 | "url":"https://www.zonealarm.com/"}, 179 | "Zoner":{ 180 | "processes":["ZPSTray.exe"], 181 | "url":"https://zonerantivirus.com/"}, 182 | "eGambit":{ 183 | "processes":["dasc.exe","dastray.exe","memscan64.exe","dastray.exe"], 184 | "url":"https://egambit.app/en/"}, 185 | "eScan":{ 186 | "processes":["consctl.exe","mwaser.exe","avpmapp.exe"], 187 | "url":"https://www.escanav.com/"}, 188 | "Lavasoft":{ 189 | "processes":["AAWTray.exe","LavasoftTcpService.exe","AdAwareTray.exe","WebCompanion.exe","WebCompanionInstaller.exe","adawarebp.exe"], 190 | "url":"https://www.lavasoft.com/"}, 191 | "The Cleaner":{ 192 | "processes":["cleaner8.exe"], 193 | "url":""}, 194 | "VBA32":{ 195 | "processes":["vba32lder.exe"], 196 | "url":"http://www.anti-virus.by/en/index.shtml"}, 197 | "Mongoosa":{ 198 | "processes":["MongoosaGUI.exe","mongoose.exe"], 199 | "url":"https://www.securitymongoose.com/"}, 200 | "Coranti2012":{ 201 | "processes":["CorantiControlCenter32.exe"], 202 | "url":"https://www.coranti.com"}, 203 | "UnThreat":{ 204 | "processes":["UnThreat.exe","utsvc.exe"], 205 | "url":"https://softplanet.com/UnThreat-AntiVirus"}, 206 | "Shield Antivirus":{ 207 | "processes":["CKSoftShiedAntivirus4.exe","shieldtray.exe"], 208 | "url":"https://shieldapps.com/supportmain/shield-antivirus-support/"}, 209 | "VIRUSfighter":{ 210 | "processes":["AVWatchService.exe","vfproTray.exe"], 211 | "url":"https://www.spamfighter.com/VIRUSfighter/"}, 212 | "Immunet":{ 213 | "processes":["iptray.exe"], 214 | "url":"https://www.immunet.com/index"}, 215 | "PSafe":{ 216 | "processes":["PSafeSysTray.exe","PSafeCategoryFinder.exe","psafesvc.exe"], 217 | "url":"https://www.psafe.com/"}, 218 | "nProtect":{ 219 | "processes":["nspupsvc.exe","Npkcmsvc.exe","npnj5Agent.exe"], 220 | "url":"http://nos.nprotect.com/"}, 221 | "Spyware Terminator":{ 222 | "processes":["SpywareTerminatorShield.exe","SpywareTerminator.exe"], 223 | "url":"http://www.spywareterminator.com/Default.aspx"}, 224 | "Norton":{ 225 | "processes":["ccSvcHst.exe","rtvscan.exe","ccapp.exe","NPFMntor.exe","ccRegVfy.exe","vptray.exe","iamapp.exe","nav.exe","navapw32.exe","navapsvc.exe","nisum.exe","nmain.exe","nprotect.exe","smcGui.exe"], 226 | "url":"https://us.norton.com/"}, 227 | "可牛杀毒":{ 228 | "processes":["knsdtray.exe"], 229 | "url":"https://baike.baidu.com/item/%E5%8F%AF%E7%89%9B%E5%85%8D%E8%B4%B9%E6%9D%80%E6%AF%92%E8%BD%AF%E4%BB%B6"}, 230 | "流量矿石":{ 231 | "processes":["Miner.exe"], 232 | "url":"https://jiaoyi.yunfan.com/"}, 233 | "safedog":{ 234 | "processes":["safedog.exe","SafeDogGuardCenter.exe","safedogupdatecenter.exe","safedogguardcenter.exe","SafeDogSiteIIS.exe","SafeDogTray.exe","SafeDogServerUI.exe"], 235 | "url":"http://www.safedog.cn/"}, 236 | "木马克星":{ 237 | "processes":["parmor.exe","Iparmor.exe"], 238 | "url":"https://baike.baidu.com/item/%E6%9C%A8%E9%A9%AC%E5%85%8B%E6%98%9F/2979824?fr=aladdin"}, 239 | "贝壳云安全":{ 240 | "processes":["beikesan.exe"], 241 | "url":""}, 242 | "木马猎手":{ 243 | "processes":["TrojanHunter.exe"], 244 | "url":""}, 245 | "巨盾网游安全盾":{ 246 | "processes":["GG.exe"], 247 | "url":""}, 248 | "绿鹰安全精灵":{ 249 | "processes":["adam.exe"], 250 | "url":"https://baike.baidu.com/item/%E7%BB%BF%E9%B9%B0%E5%AE%89%E5%85%A8%E7%B2%BE%E7%81%B5"}, 251 | "超级巡警":{ 252 | "processes":["AST.exe"], 253 | "url":""}, 254 | "墨者安全专家":{ 255 | "processes":["ananwidget.exe"], 256 | "url":""}, 257 | "风云防火墙":{ 258 | "processes":["FYFireWall.exe"], 259 | "url":""}, 260 | "微点主动防御":{ 261 | "processes":["MPMon.exe"], 262 | "url":"http://www.micropoint.com.cn/"}, 263 | "天网防火墙":{ 264 | "processes":["pfw.exe"], 265 | "url":""}, 266 | "D 盾":{ 267 | "processes":["D_Safe_Manage.exe","d_manage.exe"], 268 | "url":"http://www.d99net.net/"}, 269 | "云锁":{ 270 | "processes":["yunsuo_agent_service.exe","yunsuo_agent_daemon.exe"], 271 | "url":"https://www.yunsuo.com.cn/"}, 272 | "护卫神":{ 273 | "processes":["HwsPanel.exe","hws_ui.exe","hws.exe","hwsd.exe"], 274 | "url":"https://www.hws.com/"}, 275 | "火绒安全":{ 276 | "processes":["hipstray.exe","wsctrl.exe","usysdiag.exe","HipsDaemon.exe","HipsLog.exe","HipsMain.exe","usysdiag.exe","wsctrl.exe"], 277 | "url":"https://www.huorong.cn/"}, 278 | "网络病毒克星":{ 279 | "processes":["WEBSCANX.exe"], 280 | "url":""}, 281 | "SPHINX防火墙":{ 282 | "processes":["SPHINX.exe"], 283 | "url":""}, 284 | "Enhanced Mitigation Experience Toolkit":{ 285 | "processes":["emet_agent.exe","emet_service.exe"], 286 | "url":"https://www.microsoft.com/"}, 287 | "H+BEDV Datentechnik GmbH":{ 288 | "processes":["avwin.exe","avwupsrv.exe"], 289 | "url":"http://www.free-av.com/"}, 290 | "IBM ISS Proventia":{ 291 | "processes":["blackd.exe","rapapp.exe"], 292 | "url":""}, 293 | "eEye Digital Security":{ 294 | "processes":["eeyeevnt.exe","blink.exe"], 295 | "url":""}, 296 | "TamoSoft":{ 297 | "processes":["cv.exe","ent.exe"], 298 | "url":"https://www.tamos.com/"}, 299 | "Kerio Personal Firewall":{ 300 | "processes":["persfw.exe","wrctrl.exe"], 301 | "url":"http://www.kerio.com/"}, 302 | "Simplysup":{ 303 | "processes":["Trjscan.exe"], 304 | "url":"https://www.simplysup.com/"}, 305 | "PC Tools AntiVirus":{ 306 | "processes":["PCTAV.exe","pctsGui.exe"], 307 | "url":"http://www.pctools.com"}, 308 | "VirusBuster Professional":{ 309 | "processes":["vbcmserv.exe"], 310 | "url":"http://www.virusbuster.hu"}, 311 | "ClamWin":{ 312 | "processes":["ClamTray.exe","clamscan.exe"], 313 | "url":"http://www.clamwin.com/"}, 314 | "安天智甲":{ 315 | "processes":["kxetray.exe","kscan.exe","AMediumManager.exe","kismain.exe"], 316 | "url":"https://antiy.cn/"}, 317 | "CMC Endpoint Security":{ 318 | "processes":["CMCNECore.exe","cmcepagent.exe","cmccore.exe","CMCLog.exe","CMCFMon.exe"], 319 | "url":"https://cmccybersecurity.com/giai-phap/"}, 320 | "金山毒霸":{ 321 | "processes":["kxescore.exe","kupdata.exe","kxetray.exe","kwsprotect64.exe"], 322 | "url":"http://www.ijinshan.com/" 323 | }, 324 | "Malwarebytes":{ 325 | "processes":["MBAMService.exe","mbam.exe","mbamtray.exe"], 326 | "url":"https://www.malwarebytes.com/" 327 | }, 328 | "Agnitum outpost":{ 329 | "processes":["outpost.exe","acs.exe"], 330 | "url":"https://agnitum-outpost-security-suite.en.softonic.com/" 331 | }, 332 | "Cynet":{ 333 | "processes":["CynetLauncher.exe","CynetDS.exe","CynetEPS.exe","CynetMS.exe","CynetAR.exe","CynetGW.exe","CynetSD64.exe"], 334 | "url":"https://www.cynet.com/" 335 | }, 336 | "Elastic":{ 337 | "processes":["winlogbeat.exe"], 338 | "url":"https://www.elastic.co/" 339 | }, 340 | "MaxSecure":{ 341 | "processes":["MaxAVPlusDM.exe","MaxRCSystemTray.exe","RCSystemTray.exe","SDSystemTray.exe","LiveUpdateSD.exe"], 342 | "url":"https://maxsecureantivirus.com/" 343 | } 344 | } 345 | --------------------------------------------------------------------------------