Added Antivirus Check

Functions.h

@@ -12,5 +12,6 @@ std::wstring GetNameFromSidEx(const PSID tSid);
 std::wstring GenerateAccessMask(DWORD iCurrentMask);
 std::wstring GenerateInheritanceFlags(DWORD iCurrentFlags);
 HANDLE RegisterFileHandle(HANDLE hFile, std::wstring sOperation);
+bool CheckIfAntivirusIsActive();
 
 

Helpers.cpp

@@ -6,6 +6,10 @@
 #include <lmcons.h>
 #include <stdio.h>
 #include <ntsecapi.h>
+#include <atlbase.h>
+#include <atlstr.h>
+#include <wscapi.h>
+#include <iwscapi.h>
 
 #include <string>
 #include <map>
@@ -361,4 +365,60 @@ HANDLE RegisterFileHandle(HANDLE hFile, std::wstring sOperation)
 		oFileLookup[sPath] = std::pair<HANDLE, std::wstring>(hFile, sOperation);
 		return hFile;
 	}
+}
+
+bool CheckIfAntivirusIsActive()
+{
+	CoInitializeEx(0, COINIT_APARTMENTTHREADED);
+	bool bIsInstalled = false;
+
+	// query the product list
+	IWSCProductList * PtrProductList = nullptr;
+	if (FAILED(CoCreateInstance(__uuidof(WSCProductList), NULL, CLSCTX_INPROC_SERVER,
+		__uuidof(IWSCProductList), reinterpret_cast<LPVOID*> (&PtrProductList))))
+	{
+		return false;
+	}
+
+	// initialize the antivirus provider list
+	if (FAILED(PtrProductList->Initialize(WSC_SECURITY_PROVIDER_ANTIVIRUS)))
+	{
+		PtrProductList->Release();
+		return false;
+	}
+
+	// get the current product count
+	LONG ProductCount = 0;
+	if (FAILED(PtrProductList->get_Count(&ProductCount)))
+	{
+		PtrProductList->Release();
+		return false;
+	}
+
+	for (LONG i = 0; i < ProductCount; i++)
+	{
+		// get the product details
+		IWscProduct * PtrProduct = nullptr;
+		if (FAILED(PtrProductList->get_Item(i, &PtrProduct)))
+		{
+			PtrProductList->Release();
+			return false;
+		}
+
+		// fetch the product state
+		WSC_SECURITY_PRODUCT_STATE ProductState;
+		if (FAILED(PtrProduct->get_ProductState(&ProductState)))
+		{
+			PtrProduct->Release();
+			PtrProductList->Release();
+			return false;
+		}
+
+		bIsInstalled |= (ProductState == WSC_SECURITY_PRODUCT_STATE_ON);
+		PtrProduct->Release();
+	}
+
+	// return status
+	PtrProductList->Release();
+	return bIsInstalled;
 }

Main.cpp

@@ -456,6 +456,7 @@ int wmain(int iArgs, WCHAR * aArgs[])
 		wprintf(L"= Scan Path(s): %s\n", (*sScanPath).c_str());
 	wprintf(L"= Maximum Threads: %d\n", (int)InputOutput::MaxThreads());
 	wprintf(L"= What If Mode: %s\n", InputOutput::InWhatIfMode() ? L"Yes" : L"No");
+	wprintf(L"= Antivirus Active: %s\n", CheckIfAntivirusIsActive() ? L"Yes" : L"No");
 	wprintf(L"===============================================================================\n");
 
 	// do the scan

OperationCompact.cpp

@@ -64,7 +64,7 @@ bool OperationCompact::ProcessAclAction(WCHAR * const sSdPart, ObjectEntry & tOb
 				tAceOuter->Header.AceFlags |= (tAceInner->Header.AceFlags & OBJECT_INHERIT_ACE);
 				tAceOuter->Header.AceFlags &= (!HasInheritOnly(tAceInner) || !HasInheritOnly(tAceOuter)) ? ~INHERIT_ONLY_ACE : ~0;
 
-				// per previous checks, the masks are either idential or mergable so we can
+				// per previous checks, the masks are either identical or mergable so we can
 				// unconditionally or them together
 				tAceOuter->Mask |= tAceInner->Mask;
 

OperationHelp.cpp

@@ -206,17 +206,22 @@ Exclusive Options
 
 Other Notes & Limitations
 =========================
-To only affect a particular part of a security descriptor, you can add on an 
-optional ':X' parameter after the end of the account name where X is a comma
-separated list of DACL,SACL, OWNER, or GROUP.  For example,
-'/RemoveAccount "DOM\joe:DACL,OWNER"' will only cause the designated account
-to be removed from the DACL and OWNER parts of the security descriptor. 
-
-Since repacls is multi-threaded, any file output shown on the screen or 
-written to an output file may appear differently between executions.  In this
-is problematic for your needs, you can turn off multi-threading by setting 
-/Threads to '1' or, in the case of comparing files between runs, sort the 
-output before comparing with your favorite text editor. 
+- To only affect a particular part of a security descriptor, you can add on an 
+  optional ':X' parameter after the end of the account name where X is a comma
+  separated list of DACL,SACL, OWNER, or GROUP.  For example,
+  '/RemoveAccount "DOM\joe:DACL,OWNER"' will only cause the designated account
+  to be removed from the DACL and OWNER parts of the security descriptor. 
+
+- Since repacls is multi-threaded, any file output shown on the screen or 
+  written to an output file may appear differently between executions.  In this
+  is problematic for your needs, you can turn off multi-threading by setting 
+  /Threads to '1' or, in the case of comparing files between runs, sort the 
+  output before comparing with your favorite text editor.
+
+- Antivirus applications can degrade performance tremendously if active while
+  running repacls.  If performance is a concern and you are processing a large
+  volume, you may want to consider temporarily disabling realtime virus 
+  scanning.  Antivirus status is noted when executing repacls.
  
 Examples
 ========