Get info about Antivirus from Windows Security Centre using PowerShell and WMI

function Get-WscAntiVirusInfo {
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
        [Alias('name')]
        $computername = $env:computername
    )

    # The process block runs once per pipeline item, so every piped computer name is queried.
    process {
        # More than one antivirus product can be registered, so decode each instance separately.
        $AntiVirusProducts = Get-WmiObject -Namespace root\securitycenter2 -Class AntiVirusProduct -ComputerName $computername

        foreach ($AntiVirusProduct in $AntiVirusProducts) {
            # Format productState as six hex digits, i.e. three bytes.
            $HexProductState = "{0:x6}" -f $AntiVirusProduct.ProductState
            Write-Verbose "HexProductState=$HexProductState"

            # Prefix the first byte with "0x" so that -band converts the string to a number.
            #$FirstByte = Join-String -Strings "0x", $HexProductState.Substring(0,2)
            $FirstByte = -join ("0x", $HexProductState.Substring(0,2))
            Write-Verbose "FirstByte=$FirstByte"
            $SecondByte = $HexProductState.Substring(2,2)
            Write-Verbose "SecondByte=$SecondByte"
            $ThirdByte = $HexProductState.Substring(4,2)
            Write-Verbose "ThirdByte=$ThirdByte"

            $ObjHt = @{
                Computername              = $computername
                AntivirusName             = $AntiVirusProduct.displayName
                InstanceGuid              = $AntiVirusProduct.instanceGuid
                PathToSignedProductExe    = $AntiVirusProduct.pathToSignedProductExe
                PathToSignedReportingExe  = $AntiVirusProduct.pathToSignedReportingExe
                ProductState              = $AntiVirusProduct.productState
                HexProductState           = $HexProductState
                AntivirusPresent          = $false
                ThirdPartyFirewallPresent = $false
                AutoUpdate                = $false
                RealTimeProtection        = $false
                VirusDefsUptoDate         = $false
            }

            # First byte is a set of bit flags; every matching clause of the switch runs.
            switch ($FirstByte) {
                {($_ -band 1) -gt 0} {$ObjHt.ThirdPartyFirewallPresent = $true}
                {($_ -band 2) -gt 0} {$ObjHt.AutoUpdate = $true}
                {($_ -band 4) -gt 0} {$ObjHt.AntivirusPresent = $true}
            }

            # Second byte "10": real-time protection is on.
            if ($SecondByte -eq "10") {
                $ObjHt.RealTimeProtection = $true
            }

            # Third byte "00": virus definitions are up to date.
            if ($ThirdByte -eq "00") {
                $ObjHt.VirusDefsUptoDate = $true
            }

            New-Object -TypeName PSObject -Property $ObjHt
        }
    }
}

To discover other classes in the root\SecurityCenter2 namespace use

Get-WmiObject -Namespace root\SecurityCenter2 -List
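
The discovery step above can be carried further with the CIM cmdlets. This added example, which is not part of the original post, enumerates every class whose name ends in Product in root\SecurityCenter2 and lists each registered product with its hex state. The function name Get-WscProductInventory and the output property names are hypothetical, and reading the state bytes of the non-antivirus classes the same way as Get-WscAntiVirusInfo does is an assumption.

```powershell
# Added example, not from the original post. Get-WmiObject is not available in
# PowerShell 6 and later, so this version uses the CIM cmdlets instead.
function Get-WscProductInventory {
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
        [Alias('Name')]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($Computer in $ComputerName) {
            # Passing -ComputerName makes the CIM cmdlets use WinRM, even for the
            # local machine, so leave it out for local queries.
            $Target = @{ Namespace = 'root/SecurityCenter2' }
            if ($Computer -ne $env:COMPUTERNAME) { $Target.ComputerName = $Computer }
            try {
                $Classes = Get-CimClass @Target -ClassName '*Product' -ErrorAction Stop
            }
            catch {
                # Typical causes: the namespace does not exist (Windows Server)
                # or the remote host cannot be reached.
                Write-Warning "${Computer}: cannot query root\SecurityCenter2: $($_.Exception.Message)"
                continue
            }
            foreach ($Class in $Classes) {
                Get-CimInstance @Target -ClassName $Class.CimClassName | ForEach-Object {
                    $Hex = '{0:x6}' -f $_.productState
                    [pscustomobject]@{
                        ComputerName    = $Computer
                        Class           = $Class.CimClassName
                        DisplayName     = $_.displayName
                        HexProductState = $Hex
                        # Same byte reading as Get-WscAntiVirusInfo; applying it to
                        # classes other than AntiVirusProduct is an assumption.
                        SecondByteIs10  = $Hex.Substring(2,2) -eq '10'
                        ThirdByteIs00   = $Hex.Substring(4,2) -eq '00'
                    }
                }
            }
        }
    }
}

# List products whose state bytes do not read as "enabled" and "up to date".
Get-WscProductInventory | Where-Object { -not ($_.SecondByteIs10 -and $_.ThirdByteIs00) }
```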

2 thoughts on “Get info about Antivirus from Windows Security Centre using PowerShell and WMI”

  1. Chad Rexin 19.11.2012 at 18:52 Reply

    It looks like this referenced a function, join-string not included in the script, so I changed the following line to use the -join method instead:

    #$FirstByte = Join-String -Strings "0x", $HexProductState.Substring(0,2)
    $FirstByte = -join ("0x", $HexProductState.Substring(0,2))

    • soykablog 5.12.2012 at 20:33 Reply

      Thanks mate, you are right. Updated the function to use your construct.
