AntivirusProductsDetailedStatus.psm1
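<#
	===========================================================================
	 Created on:   	7.4.2023. 14:49
	 Created by:   	chixus
	 Organization: 	CHXOFT
	 Filename:     	AntivirusProductsDetailedStatus.psm1
	-------------------------------------------------------------------------
	 Module Name: AntivirusProductsDetailedStatus
	===========================================================================
#>

# Get-AntiVirusProduct
#   Reads the AntiVirusProduct instances from the root\SecurityCenter2 WMI
#   namespace of the local computer and emits one object per product with
#   ComputerName, Name, GUID, PathToExe, PathToReportingExe, DefinitionStatus
#   and RealTimeProtectionStatus.
#   -List            emit only the product names (needs two or more products).
#   -IgnoreDefender  drop the entry whose displayName is "Windows Defender".
#   The status values are whatever the product registered with Security Center;
#   this function does not verify them, and it does not check the signature of
#   the executables whose paths it reports.

<#
	.EXTERNALHELP AntivirusProductsDetailedStatus.psm1-Help.xml
#>
function Get-AntiVirusProduct
{
	[CmdletBinding()]
	param
	(
		[Parameter(Position = 1)]
		[switch]$List,
		[Parameter(Position = 2)]
		[switch]$IgnoreDefender
	)

	BEGIN
	{
		$up = 'Updated'
		$ou = 'Out-of-date'
		$en = 'Enabled'
		$ds = 'Disabled'
		$un = 'Unknown'

		# NOTE(review): if the namespace is missing, Get-CimInstance reports an
		# error and the function returns nothing; callers should not read an
		# empty result as "no antivirus installed" without checking for errors.
		$AntiVirusProducts = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct
		if ($IgnoreDefender)
		{
			# -notlike without wildcards is an exact, case-insensitive match: a
			# Defender entry registered under any other display name is kept.
			# NOTE(review): confirm the display name on the Windows builds in use.
			$AntiVirusProducts = $AntiVirusProducts | Where-Object { $_.displayName -notlike "Windows Defender" }
		}

		# Expands %VAR% references in a registered path. The previous code only
		# handled three variables and used a case-sensitive Replace after a
		# case-insensitive -like test, so "%programfiles%" was left unexpanded.
		# Null or empty input is returned unchanged.
		$expandPath = {
			param ($Path)
			if ([string]::IsNullOrEmpty($Path)) { return $Path }
			[Environment]::ExpandEnvironmentVariables($Path)
		}

		$ret = @()
	}
	PROCESS
	{
		foreach ($AntiVirusProduct in $AntiVirusProducts)
		{
			# Lookup table of known productState values. The listed values are
			# consistent with reading bit 0x1000 as "real-time protection on" and
			# bit 0x10 as "definitions out of date", but that is an observation
			# about this table only, so any unlisted value stays 'Unknown'.
			switch ($AntiVirusProduct.productState)
			{
				'393472' { $defstatus = $up; $rtstatus = $ds }
				'397568' { $defstatus = $up; $rtstatus = $en }
				'262144' { $defstatus = $up; $rtstatus = $ds }
				'262160' { $defstatus = $ou; $rtstatus = $ds }
				'266240' { $defstatus = $up; $rtstatus = $en }
				'266256' { $defstatus = $ou; $rtstatus = $en }
				'393216' { $defstatus = $up; $rtstatus = $ds }
				'393232' { $defstatus = $ou; $rtstatus = $ds }
				'393488' { $defstatus = $ou; $rtstatus = $ds }
				'397312' { $defstatus = $up; $rtstatus = $en }
				'397328' { $defstatus = $ou; $rtstatus = $en }
				'397584' { $defstatus = $ou; $rtstatus = $en }
				default { $defstatus = $un; $rtstatus = $un }
			}

			# Ordered so the output columns are stable from run to run.
			$ht = [ordered]@{ }
			$ht.ComputerName = $env:computername
			$ht.Name = $AntiVirusProduct.displayName
			$ht.GUID = $AntiVirusProduct.instanceGuid
			# Paths are reported as registered; treat them as data, not as
			# something verified to be signed or safe to launch.
			$ht.PathToExe = & $expandPath $AntiVirusProduct.pathToSignedProductExe
			$ht.PathToReportingExe = & $expandPath $AntiVirusProduct.pathToSignedReportingExe
			$ht.DefinitionStatus = $defstatus
			$ht.RealTimeProtectionStatus = $rtstatus
			$ret += New-Object -TypeName PSObject -Property $ht
		}
	}
	END
	{
		if ($List)
		{
			if ($ret.Count -eq 0)
			{
				# Previously this path read $ht from a loop that never ran and
				# claimed that one product with an empty name was installed.
				Write-Warning 'No Antivirus product was returned by the query, there is nothing to list.'
			}
			elseif ($ret.Count -lt 2)
			{
				$OnlyOne = $ret[0].Name
				Write-Warning "There is only '$OnlyOne' Antivirus product installed, please use the cmdlet without -List switch."
			}
			else
			{
				$ret.Name.ForEach({ Write-Output $_ })
			}
		}
		else
		{
			return $ret
		}
	}
}

# Get-RealTimeProtection
#   Returns $true when at least one product from Get-AntiVirusProduct reports
#   'Enabled', or when Get-WindowsDefender reports RealTimeProtectionEnabled.
#   $false therefore covers both "disabled" and "status could not be read"
#   (unknown productState, failed query); check the warnings and errors of the
#   two underlying functions before acting on a $false.

<#
	.EXTERNALHELP AntivirusProductsDetailedStatus.psm1-Help.xml
#>
function Get-RealTimeProtection
{
	[CmdletBinding()]
	param ()

	$AV = Get-AntiVirusProduct
	$MV = Get-WindowsDefender
	[boolean]($AV.RealTimeProtectionStatus -contains 'Enabled' -or ($MV.RealTimeProtectionEnabled))
}

# Get-WindowsDefender
#   Without -Scope: emits the selected Get-MpComputerStatus properties for the
#   local computer.
#   -Scope AllServer / AllComputer: runs the same query through Invoke-Command
#   (PowerShell remoting) and emits one object per host that answered, with
#   'Server' or 'Computer' as the first column.
#   A host whose query fails is reported with Write-Warning instead of being
#   dropped silently, so a missing row in the report can be told apart from a
#   host that was never queried.

<#
	.EXTERNALHELP AntivirusProductsDetailedStatus.psm1-Help.xml
#>
function Get-WindowsDefender
{
	[CmdletBinding()]
	# NOTE(review): the function emits PSObjects and declares no parameter set
	# named 'result'; the attribute is kept as the author wrote it.
	[OutputType([System.Collections.Hashtable], ParameterSetName = 'result')]
	param
	(
		[Parameter(Position = 0,
				   HelpMessage = 'Possible Values: AllServer, AllComputer')]
		[ValidateSet('AllServer', 'AllComputer')]
		$Scope
	)

	$result = @()

	# One query for the local and the remote case. The property list is inside
	# the script block because a remote session cannot see local variables.
	$statusQuery = {
		Get-MpComputerStatus -ErrorAction Stop |
		Select-Object -Property Antivirusenabled, AMServiceEnabled, AntispywareEnabled,
					  BehaviorMonitorEnabled, IoavProtectionEnabled, NISEnabled,
					  OnAccessProtectionEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
	}

	$targets = $null
	$hostColumn = $null
	switch ($Scope)
	{
		$null
		{
			try
			{
				& $statusQuery
			}
			catch
			{
				Write-Warning ('Get-MpComputerStatus failed on {0}: {1}' -f $env:COMPUTERNAME, $_.Exception.Message)
			}
		}
		AllServer
		{
			# NOTE(review): $server is not a parameter. If a variable of that
			# name exists in a calling scope it decides which hosts are remoted
			# into; otherwise only the local computer is queried.
			if (!($server)) { $server = $env:COMPUTERNAME }
			$targets = $server
			$hostColumn = 'Server'
		}
		AllComputer
		{
			# Only the local computer name is used here.
			$targets = $env:COMPUTERNAME
			$hostColumn = 'Computer'
		}
	}

	foreach ($target in $targets)
	{
		$rs = $null
		try
		{
			$rs = Invoke-Command -ComputerName $target -ScriptBlock $statusQuery -ErrorAction Stop
		}
		catch
		{
			Write-Warning ('Defender status query failed on {0}: {1}' -f $target, $_.Exception.Message)
		}

		If ($rs)
		{
			$row = [ordered]@{ }
			$row[$hostColumn] = $rs.PSComputername
			$row['Anti-Virus'] = $rs.AntivirusEnabled
			$row['AV Update'] = $rs.AntivirusSignatureLastUpdated
			$row['Anti-Malware'] = $rs.AMServiceEnabled
			$row['Anti-Spyware'] = $rs.AntispywareEnabled
			$row['Behavior Monitor'] = $rs.BehaviorMonitorEnabled
			$row['Office-Anti-Virus'] = $rs.IoavProtectionEnabled
			$row['NIS'] = $rs.NISEnabled
			$row['Access Prot'] = $rs.OnAccessProtectionEnabled
			$row['R-T Prot'] = $rs.RealTimeProtectionEnabled
			$result += New-Object -TypeName PSObject -Property $row
		}
	}

	Write-Output $result
}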