AntivirusProductsDetailedStatus.psm1
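<#
    .NOTES
    --------------------------------------------------------------------------------
     Code generated by:  SAPIEN Technologies, Inc., PowerShell Studio 2023 v5.8.221
     Generated on:       26.4.2023. 08:27
     Generated by:       chx
    --------------------------------------------------------------------------------
    .DESCRIPTION
        Script generated by PowerShell Studio 2023
#>

<#
    ===========================================================================
     Created on:    26.4.2023. 08:14
     Created by:    chixus
     Organization:  CHXOFT
     Filename:      AntivirusProductsDetailedStatus.psd1
     -------------------------------------------------------------------------
     Module Manifest
     -------------------------------------------------------------------------
     Module Name: AntivirusProductsDetailedStatus
    ===========================================================================
#>

<#
    .EXTERNALHELP AntivirusProductsDetailedStatus.psm1-Help.xml
#>
# Lists the antivirus products registered in the root\SecurityCenter2 CIM
# namespace and translates each product's productState into a definition
# status and a real-time protection status.
#   -List            write only the product names (needs two or more products)
#   -IgnoreDefender  drop the entry whose displayName is 'Windows Defender'
# Returns one PSObject per product, or the product names when -List is given.
function Get-AntiVirusProduct
{
    [CmdletBinding()]
    param
    (
        [Parameter(Position = 1)]
        [switch]$List,
        [Parameter(Position = 2)]
        [switch]$IgnoreDefender
    )

    BEGIN
    {
        $up = 'Updated'
        $ou = 'Out-of-date'
        $en = 'Enabled'
        $ds = 'Disabled'
        $un = 'Unknown'

        $AntiVirusProducts = Get-CimInstance -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct
        if ($IgnoreDefender)
        {
            # -notlike without wildcards is an exact, case-insensitive match.
            # NOTE(review): a Defender entry registered under any other
            # displayName is not filtered out here - confirm on target builds.
            $AntiVirusProducts = $AntiVirusProducts | Where-Object { $_.displayName -notlike "Windows Defender" }
        }

        # Expands the one environment-variable prefix that the registered
        # paths are expected to start with; any other path (or $null) is
        # returned unchanged.
        $expandPath = {
            param ($Path)
            if ($Path -like '%ProgramFiles%*')
            {
                $Path.Replace('%ProgramFiles%', $env:ProgramFiles)
            }
            elseif ($Path -like '%ProgramData%*')
            {
                $Path.Replace('%ProgramData%', $env:ProgramData)
            }
            elseif ($Path -like '%ProgramFiles(x86)%*')
            {
                $Path.Replace('%ProgramFiles(x86)%', ${env:ProgramFiles(x86)})
            }
            else
            {
                $Path
            }
        }

        $ret = @()
    }
    PROCESS
    {
        foreach ($AntiVirusProduct in $AntiVirusProducts)
        {
            # Exact-value lookup: any productState that is not listed falls
            # through to Unknown/Unknown, so an unrecognised code is never
            # reported as protected.
            # NOTE(review): 393472/393488 (second byte 0x01) and
            # 397568/397584 (second byte 0x11) are decoded differently by
            # Get-AntivirusState ('Expired' / 'Snoozed'); here they map to
            # Disabled / Enabled. Confirm which reading is intended before
            # relying on either for compliance decisions.
            switch ($AntiVirusProduct.productState)
            {
                '393472' { $defstatus = $up; $rtstatus = $ds }
                '397568' { $defstatus = $up; $rtstatus = $en }
                '262144' { $defstatus = $up; $rtstatus = $ds } #d
                '262160' { $defstatus = $ou; $rtstatus = $ds } #d
                '266240' { $defstatus = $up; $rtstatus = $en }
                '266256' { $defstatus = $ou; $rtstatus = $en }
                '393216' { $defstatus = $up; $rtstatus = $ds }
                '393232' { $defstatus = $ou; $rtstatus = $ds }
                '393488' { $defstatus = $ou; $rtstatus = $ds }
                '397312' { $defstatus = $up; $rtstatus = $en }
                '397328' { $defstatus = $ou; $rtstatus = $en }
                '397584' { $defstatus = $ou; $rtstatus = $en }
                '270336' { $defstatus = $un; $rtstatus = $ds } #k
                default { $defstatus = $un; $rtstatus = $un }
            }

            $ht = @{ }
            $ht.ComputerName = $env:computername
            $ht.Name = $AntiVirusProduct.displayName
            $ht.GUID = $AntiVirusProduct.instanceGuid
            $ht.PathToExe = & $expandPath $AntiVirusProduct.pathToSignedProductExe
            $ht.PathToReportingExe = & $expandPath $AntiVirusProduct.pathToSignedReportingExe
            $ht.DefinitionStatus = $defstatus
            $ht.RealTimeProtectionStatus = $rtstatus

            $ret += New-Object -TypeName PSObject -Property $ht
        }
    }
    END
    {
        if ($List)
        {
            $AVs = $ret.Count
            if ($AVs -eq 0)
            {
                # Previously this case fell into the "only one" warning with
                # an empty product name (the name came from a leftover loop
                # variable); report it for what it is.
                Write-Warning 'No Antivirus product was found.'
            }
            elseif ($AVs -lt 2)
            {
                $OnlyOne = $ret[0].Name
                Write-Warning "There is only '$OnlyOne' Antivirus product installed, please use the cmdlet without -List switch."
            }
            else
            {
                $ret.Name.ForEach({ Write-Output $_ })
            }
        }
        else
        {
            Return $ret
        }
    }
}

<#
    .EXTERNALHELP AntivirusProductsDetailedStatus.psm1-Help.xml
#>
# Decodes the productState of the single third-party antivirus product
# (every entry except 'Windows Defender') by splitting the value into bytes.
# Writes an error when no such product, or more than one, is registered.
# Returns a PSCustomObject with ProductName, EnabledStatus, UpdatedStatus,
# RealTimeProtection and DataBaseUpdated.
function Get-AntivirusState
{
    [CmdletBinding()]
    [OutputType([System.String])]
    param ()

    BEGIN
    {
        $up = 'Up to date'   # last byte   = 00
        $ou = 'Out of date'  # last byte  != 00
        $en = 'Enabled'      # middle byte = 10
        $ds = 'Disabled'     # middle byte = 00
        $xp = 'Expired'      # middle byte = 01
        $sn = 'Snoozed'      # middle byte = 11
        $un = 'Unknown'

        $AntiVirusProduct = Get-CimInstance -Namespace root\SecurityCenter2 -Class AntiVirusProduct |
            Where-Object { $_.displayName -notlike 'Windows Defender' }

        # NOTE(review): 'break' outside a loop does not only leave this
        # block; it can also stop the calling script. Kept as in the
        # original - confirm that callers expect this.
        if ($AntiVirusProduct)
        {
            if ($AntiVirusProduct.Count -gt 1)
            {
                Write-Error -Message 'There is more than one Antivirus products installed.' -Category LimitsExceeded
                break
            }
        }
        else
        {
            Write-Error -Message 'There is no third party Antivirus product installed.' -Category NotInstalled
            break
        }
    }
    PROCESS
    {
        # Pad to six hex digits so the byte boundaries do not depend on the
        # magnitude of productState. The unpadded string is five digits for
        # the values this module lists elsewhere (e.g. 397568 -> '61100');
        # a shorter or longer value previously threw or read the wrong
        # digits.
        $hexNumber = [System.Convert]::ToString($AntiVirusProduct.productState, 16).PadLeft(6, '0')
        $Enabled = $hexNumber.Substring(2, 2)
        $Updated = $hexNumber.Substring(4, 2)

        $enabledStatus = switch ($Enabled)
        {
            '10' { $en }
            '00' { $ds }
            '01' { $xp }
            '11' { $sn }
            default { $un }
        }

        $State = [PSCustomObject]@{
            ProductName        = $AntiVirusProduct.displayName
            EnabledStatus      = $enabledStatus
            UpdatedStatus      = if ($Updated -eq '00') { $up } else { $ou }
            # Only '10' counts as protected; Expired, Snoozed and Unknown all
            # report $false.
            RealTimeProtection = ($Enabled -eq '10')
            DataBaseUpdated    = ($Updated -eq '00')
        }
    }
    END
    {
        return $State
    }
}

<#
    .EXTERNALHELP AntivirusProductsDetailedStatus.psm1-Help.xml
#>
# Returns $true when any product from Get-AntivirusProduct reports
# RealTimeProtectionStatus 'Enabled' or Get-WindowsDefender reports
# RealTimeProtectionEnabled; otherwise $false.
# The result relies on the lookup table in Get-AntivirusProduct, so a
# productState of 397568/397584 counts as protected here although
# Get-AntivirusState reports the same value as 'Snoozed'.
# A failed query is indistinguishable from "protection off": both yield
# $false.
function Get-RealTimeProtection
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param ()

    $AV = Get-AntivirusProduct
    $MV = Get-WindowsDefender

    if ($AV.RealTimeProtectionStatus -contains 'Enabled' -or ($MV.RealTimeProtectionEnabled))
    {
        [boolean]$true
    }
    else
    {
        [boolean]$false
    }
}

<#
    .EXTERNALHELP AntivirusProductsDetailedStatus.psm1-Help.xml
#>
# Reports Defender status taken from Get-MpComputerStatus.
#   no -Scope     selected status properties of the local computer
#   AllServer     one object per name in $server, queried with Invoke-Command
#   AllComputer   the same report shape, keyed 'Computer' instead of 'Server'
# $server is not a parameter: it is read from the caller's scope and
# defaults to the local computer name; AllComputer always uses the local
# computer name.
function Get-WindowsDefender
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable], ParameterSetName = 'result')]
    param
    (
        [Parameter(Position = 0,
                   HelpMessage = 'Possible Values: AllServer, AllComputer')]
        [ValidateSet('AllServer', 'AllComputer')]
        $Scope
    )

    $result = @()
    # Errors from Get-MpComputerStatus and Invoke-Command are suppressed for
    # the rest of the function. For the remote scopes a host that cannot be
    # queried would otherwise vanish from the report without a trace, so a
    # warning is written for every host that returned nothing.
    $ErrorActionPreference = 'SilentlyContinue'

    switch ($Scope)
    {
        $null {
            Get-MpComputerStatus |
                Select-Object -Property Antivirusenabled, AMServiceEnabled, AntispywareEnabled,
                    BehaviorMonitorEnabled, IoavProtectionEnabled, NISEnabled,
                    OnAccessProtectionEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
        }
        AllServer {
            if (!($server))
            {
                $server = $env:COMPUTERNAME
            }
            foreach ($s in $server)
            {
                $rs = Invoke-Command -ComputerName $s {
                    Get-MpComputerStatus |
                        Select-Object -Property Antivirusenabled, AMServiceEnabled, AntispywareEnabled,
                            BehaviorMonitorEnabled, IoavProtectionEnabled, NISEnabled,
                            OnAccessProtectionEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
                }
                If ($rs)
                {
                    $result += New-Object -TypeName PSObject -Property (
                        @{
                            'Server'            = $rs.PSComputername
                            'Anti-Virus'        = $rs.AntivirusEnabled
                            'AV Update'         = $rs.AntivirusSignatureLastUpdated
                            'Anti-Malware'      = $rs.AMServiceEnabled
                            'Anti-Spyware'      = $rs.AntispywareEnabled
                            'Behavior Monitor'  = $rs.BehaviorMonitorEnabled
                            'Office-Anti-Virus' = $rs.IoavProtectionEnabled
                            'NIS'               = $rs.NISEnabled
                            'Access Prot'       = $rs.OnAccessProtectionEnabled
                            'R-T Prot'          = $rs.RealTimeProtectionEnabled
                        }
                    )
                }
                else
                {
                    Write-Warning "No Defender status was returned by '$s'; it is missing from the result."
                }
            }
        }
        AllComputer {
            $comp = $env:COMPUTERNAME
            foreach ($c in $comp)
            {
                $rs = Invoke-Command -ComputerName $c {
                    Get-MpComputerStatus |
                        Select-Object -Property Antivirusenabled, AMServiceEnabled, AntispywareEnabled,
                            BehaviorMonitorEnabled, IoavProtectionEnabled, NISEnabled,
                            OnAccessProtectionEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
                }
                If ($rs)
                {
                    $result += New-Object -TypeName PSObject -Property (
                        @{
                            'Computer'          = $rs.PSComputername
                            'Anti-Virus'        = $rs.AntivirusEnabled
                            'AV Update'         = $rs.AntivirusSignatureLastUpdated
                            'Anti-Malware'      = $rs.AMServiceEnabled
                            'Anti-Spyware'      = $rs.AntispywareEnabled
                            'Behavior Monitor'  = $rs.BehaviorMonitorEnabled
                            'Office-Anti-Virus' = $rs.IoavProtectionEnabled
                            'NIS'               = $rs.NISEnabled
                            'Access Prot'       = $rs.OnAccessProtectionEnabled
                            'R-T Prot'          = $rs.RealTimeProtectionEnabled
                        }
                    )
                }
                else
                {
                    Write-Warning "No Defender status was returned by '$c'; it is missing from the result."
                }
            }
        }
    }

    Write-Output $result
}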