Home > database >  Powershell: Find installed Antivirus & state, filtering out Windows Defender
Powershell: Find installed Antivirus & state, filtering out Windows Defender

Time:11-27

I came across the basis of this script in another post here, however, I would like to take it a bit further and have been experimenting. What I am seeking to achieve is to get the name, state of the antivirus installed on the device and of course I want to filter out Windows Defender. Here is what I have so far...

The issue I have with the current code that I am not sure how to get around is that I am getting the state code for Windows Defender also.

I would greatly appreciate your advise and assistance.

clear
function Get-AntivirusName { 
[cmdletBinding()]     
param ( 
[string]$ComputerName = "$env:computername" , 
$Credential 
) 
    $wmiQuery = "SELECT * FROM AntiVirusProduct" 
    $AntivirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters
    [array]$AntivirusNames = $AntivirusProduct.displayName | sort -unique
    [array]$AntivirusState = $AntivirusProduct.productState | sort -unique
    $AntivirusState
    Switch($AntivirusNames) {
        {$AntivirusNames.Count -eq 0}{"Anti-Virus is NOT installed!";Continue}
        {$AntivirusNames.Count -eq 1 -and $_ -eq "Windows Defender"} {Write-host "ONLY Windows Defender is installed!";Continue}
        {$_ -ne "Windows Defender"} {"Antivirus Product(s): $_."}
   }
}
Get-AntivirusName

CodePudding user response:

If you want to rule out Windows Defender, but do want to get a console message, I would change the function like below:

function Get-AntivirusName { 
    [cmdletBinding()]     
    param ( 
        [string]$ComputerName = $env:COMPUTERNAME, 
        $Credential 
    ) 
    $wmiQuery = "SELECT * FROM AntiVirusProduct" 
    $AntivirusProduct = @(Get-CimInstance -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters)
    if ($AntivirusProduct.Count -eq 0) {
        Write-Host 'Anti-Virus is NOT installed!' -ForegroundColor Red
    }
    elseif ($AntivirusProduct.Count -eq 1 -and $AntivirusProduct.displayName -like '*Windows Defender*') {
        Write-Host 'ONLY Windows Defender is installed!' -ForegroundColor Cyan
    }
    else {
        # filter out Windows Defender from the list
        $AntivirusProduct = $AntivirusProduct | Where-Object {$_.displayName -notlike '*Windows Defender*'} | Sort-Object -Unique
        # output objects with both the product name and the status
        foreach ($avProduct in $AntivirusProduct) {
            [PsCustomObject]@{
                AV_Product = $avProduct.displayName
                AV_Status  = $avProduct.productState
            }
        }
    }
}

Get-AntivirusName

CodePudding user response:

Theo, this is brilliant - thank you very much. One thing though. Crowdstrike has 2 listings which is why we are using the "| Sort-Object -Unique" however, it doesn't seem to be filtering to a single instance. See my output below for a system with CS installed.

AV_Product                AV_Status
----------                ---------
CrowdStrike Falcon Sensor    266240
CrowdStrike Falcon Sensor    266240

Page link:https//www.codepudding.com/database/206332.html

Prev:IP address script is not correcting working with while and if statements
Next:Flutter APP crashes when opening page with query
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding