
Powershell: Find installed Antivirus & state, filtering out Windows Defender

I came across the basis of this script in another post here; however, I would like to take it a bit further and have been experimenting. What I am seeking to achieve is to get the name and state of the antivirus installed on the device, and of course I want to filter out Windows Defender. Here is what I have so far...

The issue I have with the current code, which I am not sure how to get around, is that I am getting the state code for Windows Defender also.

I would greatly appreciate your advice and assistance.

Clear-Host
function Get-AntivirusName {
    [cmdletBinding()]
    param (
        [string]$ComputerName = $env:COMPUTERNAME,
        $Credential
    )
    # Ask the Security Center for every registered antivirus product
    $wmiQuery = "SELECT * FROM AntiVirusProduct"
    $AntivirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery @PSBoundParameters
    [array]$AntivirusNames = $AntivirusProduct.displayName | Sort-Object -Unique
    [array]$AntivirusState = $AntivirusProduct.productState | Sort-Object -Unique
    # Emits every product's state code, Windows Defender's included
    $AntivirusState
    Switch ($AntivirusNames) {
        {$AntivirusNames.Count -eq 0} {"Anti-Virus is NOT installed!"; Continue}
        {$AntivirusNames.Count -eq 1 -and $_ -eq "Windows Defender"} {Write-Host "ONLY Windows Defender is installed!"; Continue}
        {$_ -ne "Windows Defender"} {"Antivirus Product(s): $_."}
    }
}
Get-AntivirusName

If you want to rule out Windows Defender, but do want to get a console message, I would change the function like below:

function Get-AntivirusName { 
    [cmdletBinding()]     
    param ( 
        [string]$ComputerName = $env:COMPUTERNAME, 
        [pscredential]$Credential 
    ) 
    $wmiQuery = "SELECT * FROM AntiVirusProduct" 
    $cimParams = @{ Namespace = 'root\SecurityCenter2'; Query = $wmiQuery }
    if ($Credential) {
        # Get-CimInstance has no -Credential parameter; authenticate through a CimSession instead
        $cimParams['CimSession'] = New-CimSession -ComputerName $ComputerName -Credential $Credential
    }
    elseif ($PSBoundParameters.ContainsKey('ComputerName')) {
        # only target a remote host when one was given; a local query needs no WinRM listener
        $cimParams['ComputerName'] = $ComputerName
    }
    $AntivirusProduct = @(Get-CimInstance @cimParams)
    if ($AntivirusProduct.Count -eq 0) {
        Write-Host 'Anti-Virus is NOT installed!' -ForegroundColor Red
    }
    elseif ($AntivirusProduct.Count -eq 1 -and $AntivirusProduct.displayName -like '*Windows Defender*') {
        Write-Host 'ONLY Windows Defender is installed!' -ForegroundColor Cyan
    }
    else {
        # filter out Windows Defender from the list
        $AntivirusProduct = $AntivirusProduct | Where-Object {$_.displayName -notlike '*Windows Defender*'} | Sort-Object -Unique
        # output objects with both the product name and the status
        foreach ($avProduct in $AntivirusProduct) {
            [PsCustomObject]@{
                AV_Product = $avProduct.displayName
                AV_Status  = $avProduct.productState
            }
        }
    }
}

Get-AntivirusName

Theo, this is brilliant - thank you very much. One thing though. Crowdstrike has 2 listings, which is why we are using "| Sort-Object -Unique"; however, it doesn't seem to be filtering to a single instance. See my output below for a system with CS installed.

AV_Product                AV_Status
----------                ---------
CrowdStrike Falcon Sensor    266240
CrowdStrike Falcon Sensor    266240
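As an added example that is not part of the question, Theo's answer or the follow-up comment, the script below addresses both the Defender filtering from the answer and the duplicate CrowdStrike rows from the comment, and it also decodes the raw productState number (266240 above) into "enabled" and "up to date" flags. The decoding follows the widely used community interpretation of that field (middle hex byte = real-time protection on/off, last hex byte = definitions current or stale); Microsoft does not formally document the layout, so treat it as an assumption. The function names ConvertFrom-AvProductState and Get-AntivirusStatus, the -Product and -IncludeDefender parameters and the sample records are mine; the sample records are constructed to mirror the output in the comment.

```powershell
# Added example, not code from the question or the answer.
# Assumption: productState uses the community-documented bit layout below.

function ConvertFrom-AvProductState {
    [CmdletBinding()]
    param ([Parameter(Mandatory)][int]$ProductState)

    # productState is read as a 6-digit hex string, e.g. 266240 -> "041000".
    # Byte 2 ("10"/"11") means real-time protection is enabled, "00"/"01" disabled.
    # Byte 3 "00" means definitions are up to date, anything else means stale.
    $hex  = [Convert]::ToString($ProductState, 16).PadLeft(6, '0')
    $mid  = $hex.Substring(2, 2)
    $tail = $hex.Substring(4, 2)

    [PSCustomObject]@{
        RawState = $ProductState
        Hex      = "0x$hex"
        Enabled  = ($mid -in '10', '11')
        UpToDate = ($tail -eq '00')
    }
}

function Get-AntivirusStatus {
    [CmdletBinding()]
    param (
        # Pre-fetched AntiVirusProduct records (hypothetical parameter); when omitted,
        # the local root\SecurityCenter2 namespace is queried. That namespace exists
        # on Windows client editions only, not on Windows Server.
        [object[]]$Product,
        [switch]$IncludeDefender
    )

    if (-not $PSBoundParameters.ContainsKey('Product')) {
        $Product = @(Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct)
    }

    if (-not $IncludeDefender) {
        $Product = $Product | Where-Object { $_.displayName -notlike '*Windows Defender*' }
    }

    # Sort-Object -Unique on whole CIM objects compares the objects themselves, so two
    # registrations of one product (different instanceGuid) both survive it.
    # Grouping on displayName collapses them to a single row per product.
    $Product | Group-Object -Property displayName | ForEach-Object {
        $first = $_.Group[0]
        $state = ConvertFrom-AvProductState -ProductState $first.productState
        [PSCustomObject]@{
            AV_Product    = $_.Name
            Registrations = $_.Count
            AV_Status     = $state.RawState
            Enabled       = $state.Enabled
            UpToDate      = $state.UpToDate
        }
    }
}

# Constructed sample (not real data): CrowdStrike registered twice, as in the
# comment above, plus a Windows Defender entry carrying a "disabled" state code.
$sample = @(
    [PSCustomObject]@{ displayName = 'CrowdStrike Falcon Sensor'; productState = 266240; instanceGuid = '{constructed-1}' }
    [PSCustomObject]@{ displayName = 'CrowdStrike Falcon Sensor'; productState = 266240; instanceGuid = '{constructed-2}' }
    [PSCustomObject]@{ displayName = 'Windows Defender';          productState = 393472; instanceGuid = '{constructed-3}' }
)

# Offline run against the constructed sample; drop -Product to query the local machine.
Get-AntivirusStatus -Product $sample | Format-Table -AutoSize
```

Grouping on displayName rather than sorting the objects is the fix for the duplicate rows: Sort-Object -Unique only deduplicates when the whole object compares equal, and two CIM instances with different instanceGuid values never do. The Registrations column keeps the fact that a product is registered twice visible, which is worth knowing when the two registrations report different state codes, and the Enabled/UpToDate flags turn the opaque number into something a compliance check can act on.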
