Created
January 14, 2021 18:58
-
-
Save mgeeky/05ff0627e26aa555382beaf943b1dea9 to your computer and use it in GitHub Desktop.
Lists installed AntiVirus products and their details. Source: https://stackoverflow.com/a/37842942
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-AntiVirusProduct { | |
| [CmdletBinding()] | |
| param ( | |
| [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] | |
| [Alias('name')] | |
| $computername=$env:computername | |
| ) | |
| #$AntivirusProducts = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery @psboundparameters # -ErrorVariable myError -ErrorAction 'SilentlyContinue' # did not work | |
| $AntiVirusProducts = Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct -ComputerName $computername | |
| $ret = @() | |
| foreach($AntiVirusProduct in $AntiVirusProducts){ | |
| #Switch to determine the status of antivirus definitions and real-time protection. | |
| #The values in this switch-statement are retrieved from the following website: http://community.kaseya.com/resources/m/knowexch/1020.aspx | |
| switch ($AntiVirusProduct.productState) { | |
| "262144" {$defstatus = "Up to date" ;$rtstatus = "Disabled"} | |
| "262160" {$defstatus = "Out of date" ;$rtstatus = "Disabled"} | |
| "266240" {$defstatus = "Up to date" ;$rtstatus = "Enabled"} | |
| "266256" {$defstatus = "Out of date" ;$rtstatus = "Enabled"} | |
| "393216" {$defstatus = "Up to date" ;$rtstatus = "Disabled"} | |
| "393232" {$defstatus = "Out of date" ;$rtstatus = "Disabled"} | |
| "393488" {$defstatus = "Out of date" ;$rtstatus = "Disabled"} | |
| "397312" {$defstatus = "Up to date" ;$rtstatus = "Enabled"} | |
| "397328" {$defstatus = "Out of date" ;$rtstatus = "Enabled"} | |
| "397584" {$defstatus = "Out of date" ;$rtstatus = "Enabled"} | |
| default {$defstatus = "Unknown" ;$rtstatus = "Unknown"} | |
| } | |
| #Create hash-table for each computer | |
| $ht = @{} | |
| $ht.Computername = $computername | |
| $ht.Name = $AntiVirusProduct.displayName | |
| $ht.'Product GUID' = $AntiVirusProduct.instanceGuid | |
| $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe | |
| $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe | |
| $ht.'Definition Status' = $defstatus | |
| $ht.'Real-time Protection Status' = $rtstatus | |
| #Create a new object for each computer | |
| $ret += New-Object -TypeName PSObject -Property $ht | |
| } | |
| Return $ret | |
| } | |
| Get-AntiVirusProduct |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment