
@mgeeky
Created January 14, 2021 18:58

Revisions

  1. mgeeky created this gist Jan 14, 2021.
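--- a/Get-AntiVirusProduct.ps1
+++ b/Get-AntiVirusProduct.ps1
@@ -0,0 +1,48 @@
+function Get-AntiVirusProduct {
+[CmdletBinding()]
+param (
+[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
+[Alias('name')]
+$computername=$env:computername
+
+
+)
+
+#$AntivirusProducts = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery @psboundparameters # -ErrorVariable myError -ErrorAction 'SilentlyContinue' # did not work
+$AntiVirusProducts = Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct -ComputerName $computername
+
+$ret = @()
+foreach($AntiVirusProduct in $AntiVirusProducts){
+#Switch to determine the status of antivirus definitions and real-time protection.
+#The values in this switch-statement are retrieved from the following website: http://community.kaseya.com/resources/m/knowexch/1020.aspx
+switch ($AntiVirusProduct.productState) {
+"262144" {$defstatus = "Up to date" ;$rtstatus = "Disabled"}
+"262160" {$defstatus = "Out of date" ;$rtstatus = "Disabled"}
+"266240" {$defstatus = "Up to date" ;$rtstatus = "Enabled"}
+"266256" {$defstatus = "Out of date" ;$rtstatus = "Enabled"}
+"393216" {$defstatus = "Up to date" ;$rtstatus = "Disabled"}
+"393232" {$defstatus = "Out of date" ;$rtstatus = "Disabled"}
+"393488" {$defstatus = "Out of date" ;$rtstatus = "Disabled"}
+"397312" {$defstatus = "Up to date" ;$rtstatus = "Enabled"}
+"397328" {$defstatus = "Out of date" ;$rtstatus = "Enabled"}
+"397584" {$defstatus = "Out of date" ;$rtstatus = "Enabled"}
+default {$defstatus = "Unknown" ;$rtstatus = "Unknown"}
+}
+
+#Create hash-table for each computer
+$ht = @{}
+$ht.Computername = $computername
+$ht.Name = $AntiVirusProduct.displayName
+$ht.'Product GUID' = $AntiVirusProduct.instanceGuid
+$ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe
+$ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe
+$ht.'Definition Status' = $defstatus
+$ht.'Real-time Protection Status' = $rtstatus
+
+
+#Create a new object for each computer
+$ret += New-Object -TypeName PSObject -Property $ht
+}
+Return $ret
+}
+Get-AntiVirusProduct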
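Review bot: The `switch` on `productState` recognizes only ten exact decimal values, so any other state a product reports (397568, i.e. 0x061100, is a commonly seen one) comes back as "Unknown"/"Unknown", which makes the output unreliable as a protection-status check. Every listed value with bit 0x1000 set maps to "Enabled" and every one with bit 0x10 set maps to "Out of date", so the table can be replaced by mask tests: `$rtstatus = if ($AntiVirusProduct.productState -band 0x1000) {"Enabled"} else {"Disabled"}` and `$defstatus = if ($AntiVirusProduct.productState -band 0x10) {"Out of date"} else {"Up to date"}`. That bit layout is inferred from the table itself rather than from vendor documentation, so a comment saying so should accompany the change. Separately, the parameter accepts pipeline input but the function has no `process` block, so only the last piped computer name would be queried.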