The rambling continues. Quick re-cap: I have my script-alike-function I created long ago called get-hitech that has multiple info gathering things. This post is about figuring out if Windows has Anti-Virus enabled and updated, kind-of. Please take notice, everything I do in this series of posts is mostly for learning and is actually for reals based on my script-alike-function. The steps may not be the best way to do something. I likely won’t even finish fixing my wonderful code. Sure is fun looking at this unfinished creation of my past. It’s OK to fail, share, learn, and make fun of what you didn’t know (and still don’t). PowerShell is more than meets the eye.
Not sure about you, but I personally go out of my way to not use WMI Filters in Group Policy. Before PowerShell I knew what WMI was. I had even read way more than I cared to know. PowerShell has made WMI interesting. Tip, don’t ask anyone too smart about the difference between WMI and CIM. Here’s all you need to know: CIM works over PowerShell Remoting AKA WinRM (HTTP 5685) and WMI doesn’t. They both access the same goodies.
Let’s see what I got to work with in my script-alike-function. Looks like Get-CimInstance is getting some info about the Anti-Virus and Anti-Spyware. Like there’s a difference to me. Is there really Anti-Virus that doesn’t include Anti-Spyware? There’s something about converting to hexadecimal. Great, I did use hex for configuring my Sound Blaster ISA card 20 years ago and for connecting Palm Pilots for people who could code in Fortran but somehow could not figure out how to set baud rates and COM ports. For you old techs: 2F8, 3E8 anyone? Did your Sound Blaster have RAM sockets?
Well, what happens when I run this code? Nothing but errors. Time to just check the two variables, $AntiSpyware and $AntiVirus.
Hey the CIM Stuff is getting something useful. My machine has Windows Defender. There is something about a product state. Now I remember I had found some site that talked about the product state being in hex and what the numbers mean. Wish I had put a link to that site as a comment in my script-alike-function.
The Internet is amazing if you type in the right search. Found an MSDN Forum talking about the productState and then I found a finished function all by searching for “windows antivirus productstate”. Who knows, would I have used the term “productstate” without PowerShell?
I’m not going to pretend like I’m not going to use the function from Mr. Jirka Domin AKA Soyka (common jay?) and just call it a day. The only thing I will likely do is change it to CIM. Put a little more Write-Verbose, especially around the hex stuff, just for my own personal reference on how to convert hex. Also not sure why Mr. Jay’s comments are mostly just the code without aliases. Please don’t use aliases, that’s why the PowerShell gods gave us Tab-Complete.
Mr. Jay’s code works!
Not sure I care about the path stuff. I can’t stand when programs are installed outside Program Files. Not to name names, Medisoft! But it’s easy to select what you want. Remember, IT is highly opinionated. Let the user of your function decide what they need from your functions. You never know, you may change your own mind about what you need.
Take a look at the Param block in Mr. Jay’s code. That’s the top part marked Param (super newbie). Notice there is only one param, $computername. But it was given a default value, $computername = $env:computername, so … if someone does not provide a value for the parameter it will default to the environment variable in PowerShell for localhost. I’m going to come clean, not too long ago I would put an IF statement to see if I needed to provide the current system name. But you know what, it worked and I put a nice Write-Verbose telling everyone what I was doing so they could laugh at me.
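Here is the shape the rewrite described above could take, pulling the three threads together: the CIM query against root/SecurityCenter2, Write-Verbose around the hex conversion of productState, and a $ComputerName parameter that defaults to $env:COMPUTERNAME instead of an IF statement. This is an added example written for this post, not Mr. Jay’s function and not the get-hitech code. Two things in it are assumptions: the byte layout of productState (second byte 0x10 bit set means enabled, third byte 0x00 means signatures up to date) is the community reading from that forum thread, not Microsoft documentation, and the sample value 397568 is a constructed input for the decoder.

```powershell
function ConvertFrom-AvProductState {
    <#
    .SYNOPSIS
    Decode the undocumented productState integer from root/SecurityCenter2.
    Assumption: six hex digits, middle byte = enabled flag, last byte = signature age.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [int]$ProductState
    )
    process {
        # Zero-padded, six hex digits: 397568 -> "061100"
        $hex = '{0:X6}' -f $ProductState
        Write-Verbose "productState $ProductState as hex is $hex"

        # Split the hex string into its three bytes (product type, enabled, update status)
        $enabledByte = [Convert]::ToInt32($hex.Substring(2, 2), 16)
        $updateByte  = [Convert]::ToInt32($hex.Substring(4, 2), 16)
        Write-Verbose "enabled byte 0x$($hex.Substring(2, 2)), update byte 0x$($hex.Substring(4, 2))"

        [PSCustomObject]@{
            ProductState = $ProductState
            Hex          = $hex
            Enabled      = (($enabledByte -band 0x10) -ne 0)   # assumption: 0x10 bit = real-time protection on
            UpToDate     = ($updateByte -eq 0)                  # assumption: 0x00 = definitions current
        }
    }
}

function Get-AvStatus {
    <#
    .SYNOPSIS
    List Anti-Virus products Windows Security Center knows about and decode their state.
    root/SecurityCenter2 only exists on client editions of Windows, so this is empty on servers.
    #>
    [CmdletBinding()]
    param(
        # Default to the local machine; no IF statement needed
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Get-CimInstance with -ComputerName goes over WinRM, which is the whole reason to move off Get-WmiObject
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' `
        -ComputerName $ComputerName -ErrorAction Stop

    foreach ($product in $products) {
        $state = ConvertFrom-AvProductState -ProductState $product.productState
        [PSCustomObject]@{
            ComputerName = $ComputerName
            DisplayName  = $product.displayName
            Hex          = $state.Hex
            Enabled      = $state.Enabled
            UpToDate     = $state.UpToDate
            Timestamp    = $product.timestamp
        }
    }
}

# Offline check of the decoder with a constructed sample value (0x061100):
ConvertFrom-AvProductState -ProductState 397568 -Verbose
# Live query of the local machine:
Get-AvStatus -Verbose | Format-Table -AutoSize
```

Only displayName, productState and timestamp are used from the class, so the path properties the post doesn’t care about are simply not selected; anyone who does want pathToSignedProductExe can add it to the output object without touching the decoder.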
One last rambling: there are more $ENV: variables in PowerShell than there are in the Windows GUI. What a pain to get to the real stuff in Windows now. I know the smartphone generation likes clean ‘modern’ looking GUI settings. I miss you, Windows 2K! As promised, this post was mostly just ramblings. Hope you have fun rambling your way with PowerShell.