List all Anti-Virus via PowerShell

Time:12-29

I have a script to list and check if multiple Anti-Virus are installed on a machine, which is working fine. Is there a better way to make it simpler than having such long code?

Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct >> C:\temp\AVInstalled.txt
$AVName1 = "Avast"
$AVName2 = "AVG"
$AVName3 = "Avira"
$AVName4 = "Bitdefender"
$AVName5 = "ZoneAlarm"
$AVName6 = "Immunet"
$AVName7 = "ClamWin"
$AVName8 = "Comodo"
$AVName9 = "Dr.Web"
$AVName10 = "ESET"
$AVName11 = "F-Secure"
$AVName12 = "F-PROT"
$AVName13 = "G DATA"
$AVName14 = "Kaspersky"
$AVName15 = "Malwarebytes"
$AVName16 = "McAfee"
$AVName17 = "Windows Defender"
$AVName18 = "NANO"
$AVName19 = "Norton"
$AVName20 = "Spyware"
$AVName21 = "Panda"
$AVName22 = "360 Total Security"
$AVName23 = "Sophos"
$AVName24 = "Titanium"
$AVName25 = "TrustPort"
$AVName26 = "Vba32"
$AVName27 = "Viper"
$AVName28 = "Sentinel"
$AVName29 = "Webroot"
$hostname = "hostname"
$Text1 = "instanceGuid*"
$Text2 = "pathToSignedProductExe*"
$Text3 = "pathToSignedReportingExe*"
$Text4 = "productState*"
$Text5 = "timestamp*"
$Text6 = "PSComputerName*"
$AV1 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName1" -SimpleMatch -Quiet
$AV2 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName2" -SimpleMatch -Quiet
$AV3 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName3" -SimpleMatch -Quiet
$AV4 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName4" -SimpleMatch -Quiet
$AV5 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName5" -SimpleMatch -Quiet
$AV6 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName6" -SimpleMatch -Quiet
$AV7 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName7" -SimpleMatch -Quiet
$AV8 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName8" -SimpleMatch -Quiet
$AV9 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName9" -SimpleMatch -Quiet
$AV10 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName10" -SimpleMatch -Quiet
$AV11 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName11" -SimpleMatch -Quiet
$AV12 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName12" -SimpleMatch -Quiet
$AV13 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName13" -SimpleMatch -Quiet
$AV14 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName14" -SimpleMatch -Quiet
$AV15 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName15" -SimpleMatch -Quiet
$AV16 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName16" -SimpleMatch -Quiet
$AV17 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName17" -SimpleMatch -Quiet
$AV18 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName18" -SimpleMatch -Quiet
$AV19 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName19" -SimpleMatch -Quiet
$AV20 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName20" -SimpleMatch -Quiet
$AV21 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName21" -SimpleMatch -Quiet
$AV22 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName22" -SimpleMatch -Quiet
$AV23 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName23" -SimpleMatch -Quiet
$AV24 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName24" -SimpleMatch -Quiet
$AV25 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName25" -SimpleMatch -Quiet
$AV26 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName26" -SimpleMatch -Quiet
$AV27 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName27" -SimpleMatch -Quiet
$AV28 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName28" -SimpleMatch -Quiet
$AV29 = Select-String -Path C:\temp\AVInstalled.txt -Pattern "$AVName29" -SimpleMatch -Quiet
$AV = Get-Content C:\temp\AVInstalled.txt | Select-String -Pattern "$Text1", "$Text2", "$Text3", "$Text4", "$Text5", "$Text6" -NotMatch
if ($AV1 -Or $AV2 -Or $AV3 -Or $AV4 -Or $AV5 -Or $AV6 -Or $AV7 -Or $AV8 -Or $AV9 -Or $AV10 -Or $AV11 -Or $AV12 -Or $AV13 -Or $AV14 -Or $AV15 -Or $AV16 -Or $AV17 -Or $AV18 -Or $AV19 -Or $AV20 -Or $AV21 -Or $AV22 -Or $AV23 -Or $AV24 -Or $AV25 -Or $AV26 -Or $AV27 -Or $AV28 -Or $AV29 -eq 'True' )
{
    echo "[INFO] Multiple Anti-Virus are installed on this machine: ";
    echo "$(Get-Date) - [INFO] $AV."
}
else {
    echo "There's only one Anti-Virus installed on this machine:"
    echo "$(Get-Date) - [INFO] $AV."
}

Also, the result of $AV shows like this:

[INFO] Multiple Anti-Virus are installed on this machine: 
12/28/2021 17:25:50 - [INFO]   displayName              : Webroot SecureAnywhere  displayName              : Bitdefender Endpoint Security Tools Antimalware  displayName              : Windows Defender  displayName              : Webroot SecureAnywhere   .

How can I remove the extra spaces and add a new line to each result and show it like this?

[INFO] Multiple Anti-Virus are installed on this machine: 
12/28/2021 17:25:50 - [INFO]   displayName: Webroot SecureAnywhere  
displayName: Bitdefender Endpoint Security Tools Antimalware  
displayName: Windows Defender  
displayName: Webroot SecureAnywhere   .

Thank you,

CodePudding user response:

here is one way to grab & show that info ...

the code ...

#requires -RunAsAdministrator

$AVList = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntivirusProduct')

switch ($AVList.Count)
#switch (0)
#switch (3)
    {
    0 {Write-Warning 'No AV product detected.'}
    1 {
        Write-Host 'There is just one AV product installed.'
        Write-Host ('    DisplayName = {0}' -f $AVList.displayName)
        }
    default
        {
        Write-Warning ('There are {0} AV products installed on this system.' -f $AVList.Count)
        Write-Warning ('    DisplayNames = {0}' -f ($AVList.displayName -join ', '))
        }
    }

on my system with one AV product ...

There is just one AV product installed.
    DisplayName = Windows Defender

if i comment out the 1st switch test and use the 3 value, i get this ...

WARNING: There are 1 AV products installed on this system.
WARNING:     DisplayNames = Windows Defender

obviously, the count is showing the real one, but you can see the result would be the number of AV items AND a comma-delimited list of the display names.

what the code does ...

  • tells PoSh that the script needs to run as admin
    if that ain't the case, PoSh will refuse to run this code.
  • grabs the list of AV items via a CIM call & stores that list in a $Var
  • the @() wrapped around the above line forces the result to be an array
    there are times when it helps to force such ... in this case it makes certain that the .Count property will be there AND be accurate.
  • uses a switch statement to choose what to do based on the count of AV items in the $AVList var
  • if 0, say so
    here's hoping that doesn't show up for any of your systems. [grin]
  • if 1, say so and list the AV display name
  • if anything else [the default value], show the count and a list of the display names

CodePudding user response:

I don't have Get-CimInstance available for testing but it should be as easy as this:

$av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct
if($av.Count -gt 1) # if more than 1 AV was found, show them
{
    $av | ForEach-Object -Begin {
        '[INFO] Multiple Anti-Virus are installed on this machine:'
        '[INFO] - {0}' -f [datetime]::now
    } -Process {
        'DisplayName: {0}' -f $_.DisplayName
    }
}

One thing to note: you're using -eq 'True'; booleans in PowerShell are $true and $false (-eq $true). However, in your code it shouldn't be needed at all:

if($false -or $false -or $true){ $true } # => $true

What's happening in your code is that whenever one of the variables ($av1, $av2...) is $true, the boolean is tested for equality with a string (the literal 'True'), and any string when evaluated is $true except for '' or [string]::Empty:

$false -or $true -eq 'anystring' # => $true
$true -eq 'anystring'            # => $true
$true -eq [string]::Empty        # => $false
$true -eq ''                     # => $false
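
An added example (not code from either answer) that works on the returned objects instead of the text file: it drops duplicate registrations such as the second Webroot entry in the question's output, prints one displayName per line, and decodes productState. The productState bit layout is an undocumented, community-observed convention and is an assumption here, as are the function name Get-AVSummary and the constructed sample values.

```powershell
# Added example, not from the original thread. Get-AVSummary is a hypothetical name.
function Get-AVSummary {
    [CmdletBinding()]
    param(
        # AntivirusProduct instances, or any objects with displayName/productState
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Product
    )
    begin { $seen = @{} }
    process {
        foreach ($p in $Product) {
            # The same product can be registered more than once; report it once.
            if ($seen.ContainsKey($p.displayName)) { continue }
            $seen[$p.displayName] = $true

            # ASSUMPTION: undocumented layout 0xAABBCC, BB = real-time state,
            # CC = definition state (community-observed, may vary by vendor).
            $state = [uint32]$p.productState
            [pscustomobject]@{
                DisplayName = $p.displayName
                Enabled     = ((($state -shr 12) -band 0xF) -eq 1)
                UpToDate    = ((($state -shr 4) -band 0xF) -eq 0)
                StateHex    = '0x{0:X6}' -f $state
            }
        }
    }
}

# Constructed sample: names from the question's output, productState values made up.
$sample = @(
    [pscustomobject]@{ displayName = 'Webroot SecureAnywhere'; productState = 266240 }
    [pscustomobject]@{ displayName = 'Bitdefender Endpoint Security Tools Antimalware'; productState = 266256 }
    [pscustomobject]@{ displayName = 'Windows Defender'; productState = 393472 }
    [pscustomobject]@{ displayName = 'Webroot SecureAnywhere'; productState = 266240 }
)

# Live data instead of the sample:
# $sample = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntivirusProduct'
$av = @($sample | Get-AVSummary)

'{0} - [INFO] {1} distinct Anti-Virus product(s) registered:' -f (Get-Date), $av.Count
foreach ($item in $av) {
    'displayName: {0} (enabled={1}, upToDate={2}, productState={3})' -f $item.DisplayName, $item.Enabled, $item.UpToDate, $item.StateHex
}
```

The root/SecurityCenter2 namespace is present on client editions of Windows; Windows Server does not expose it, so the live query fails there and a different inventory source is needed.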