WMI examples

Here's some info on getting WMI info with wbemtest and wmic.

WBEMTEST

Run wbemtest from the command line then connect to root\cimv2.

Win32_Product

This may not match the registry of add/remove programs.

SELECT * from Win32_Product where name like '%carbon%' or name like '%protection%'

Win32_Service

To find more properties, run the query then double click on a service name and look in the Properties section mid-screen.

SELECT * FROM Win32_Service

SELECT * FROM Win32_Service WHERE (name = 'CarbonBlack' or name = 'Parity') and startmode='auto'

SELECT * FROM Win32_Service WHERE Name LIKE 'Gx%'

SELECT * FROM Win32_Service WHERE state="running"

SELECT * FROM Win32_Service WHERE displayname="dns client"

SELECT * FROM Win32_Service WHERE Name LIKE 'Gx%' and startmode="auto"

SELECT * FROM Win32_Service WHERE displayname like 'mcafee%' or displayname like 'trellix%'

Odd one here, I wanted to find services with McAfee OR Trellix in the display name AND with auto start but this doesn't work:

SELECT * FROM Win32_Service WHERE displayname like '%mcafee%' or displayname like '%trellix% and startmode="auto"'

however, putting it in brackets does. I've tested this a bit and it seems solid:

SELECT * FROM Win32_Service WHERE (displayname like '%mcafee%' or displayname like '%trellix%') and startmode='auto'

WMIC

This lets you run WMI queries from the command line. The syntax is different than wbemtest.

Run from CMD not PowerShell or you will get errors.

This also works using the 'Run command' task in my update rollup mp.

wmic service where "name like '%mcafee%'" get name, displayname, startmode

wmic service where "displayname like '%mcafee%' or displayname like '%trellix%'" get name, displayname, startmode

This seems to work, might need to be checked.

wmic service where "(displayname like '%mcafee%' or displayname like '%trellix%') and startmode='auto'" get name, displayname, startmode