Get info about Antivirus from Windows Security Centre using Powershell and WMI

function Get-WscAntiVirusInfo {
param (
[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]

$AntiVirusProduct =  gwmi -Namespace root\securitycenter2 -Class AntiVirusProduct -ComputerName $computername
$HexProductState="{0:x6}" -f $ProductState
Write-Verbose "HexProductState=$HexProductState"

#$FirstByte = Join-String -Strings "0x", $HexProductState.Substring(0,2)
$FirstByte = -join (“0x”, $HexProductState.Substring(0,2))

Write-Verbose "FirstByte=$FirstByte"
$SecondByte = $HexProductState.Substring(2,2)
Write-Verbose "SecondByte=$SecondByte"
$ThirdByte = $HexProductState.Substring(4,2)
Write-Verbose "ThirdByte=$ThirdByte"

$ObjHt=@{Computername=$ComputerName; `
        AntivirusName=$AntiVirusProduct.displayName; `
        InstanceGuid=$AntiVirusProduct.instanceGuid; `
        PathToSignedProductExe=$AntiVirusProduct.pathToSignedProductExe; `
        PathToSignedReportingExe=$AntiVirusProduct.pathToSignedReportingExe; `
        ProductState=$AntiVirusProduct.productState; `
        HexProductState=$HexProductState; `
        AntivirusPresent=$false; `
        ThirdPartyFirewallPresent=$false; `
        AutoUpdate=$false; `
        RealTimeProtection=$false; `

switch ($FirstByte) {
    {($_ -band 1) -gt 0} {$ObjHt.ThirdPartyFirewallPresent=$true}
    {($_ -band 2) -gt 0} {$ObjHt.AutoUpdate=$true}
    {($_ -band 4) -gt 0} {$ObjHt.AntivirusPresent=$true}

if ($SecondByte -eq "10") {

if ($ThirdByte -eq "00") {

New-Object -TypeName PSObject -Property $ObjHt


To discover other classes in the root\SecurityCenter2  namespace use

Get-WmiObject -Namespace root\SecurityCenter2 -List

Tagged: ,

3 thoughts on “Get info about Antivirus from Windows Security Centre using Powershell and WMI

  1. Chad Rexin 19.11.2012 at 18:52 Reply

    It looks like this referenced a function, join-string not included in the script, so I changed the following line to use the -join method instead:

    #$FirstByte = Join-String -Strings “0x”, $HexProductState.Substring(0,2)
    $FirstByte = -join (“0x”, $HexProductState.Substring(0,2))

    • soykablog 5.12.2012 at 20:33 Reply

      thanks mate, you are right. Updated the function to use your construct.

  2. […] Here’s someone who already finished a function […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


Scripts, tools and tips, mostly around Microsoft SCCM and EMS

To The Point

Anything about Technology and Business

Brian's Power Windows Blog

Microsoft in the Enterprise. Windows, Hyper-V, Exchange, SQL, and more!

PowerScripting Podcast

Shownotes and links for the PowerScripting Podcast, a podcast to help people learn Windows Powershell

Learn Powershell | Achieve More

What is this Powershell of which you speak?

%d bloggers like this: