locked
Findout antivirus installed on multiple computers RRS feed

  • Question

  • Hi Guys,

    I need a script to find out antivirus installed on multiple Windows Servers.  I got one by Aman put below. Is there any other you are aware off that can help me inventory the servers. These servers are in a Citrix environment. Please advise guys. Thanks.

    function Get-AntivirusName {

    [cmdletBinding()] 
    param (
    [string]$ComputerName = "$env:computername" ,
    $Credential
    )


     BEGIN
      {
       # Setting WMI query in a variable
          $wmiQuery = "SELECT * FROM AntiVirusProduct"

      }


     PROCESS
      {
       # doing getting wmi
                   
       $AntivirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters # -ErrorVariable myError -ErrorAction 'SilentlyContinue'     
                Write-host $AntivirusProduct.displayName -ForegroundColor Cyan

      }

     END {

      }
    } #end  of the function

     

     

     
    Get-AntivirusName


    Agroman09

    Tuesday, October 21, 2014 6:58 AM

Answers

  • Also see this post..

    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) _________________________________________________________________________________ Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

    • Marked as answer by Agroman09 Wednesday, October 22, 2014 12:01 PM
    Tuesday, October 21, 2014 9:29 AM
  •   

     Get-WmiObject AntiVirusProduct -Namespace root\SecurityCenter2  -Computer somepc


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, October 21, 2014 8:28 AM
    • Marked as answer by Agroman09 Wednesday, October 22, 2014 12:01 PM
    Tuesday, October 21, 2014 8:27 AM
  • If you have the computer names in a text file for example, try:

    $AVProducts = @()
    foreach ($Computer in (Get-Content ".\Computerlist.txt")) {
        (Get-WmiObject AntiVirusProduct -Namespace root\SecurityCenter2 -ComputerName $Computer -ErrorAction SilentlyContinue).DisplayName | % {
            $AVProducts += (New-Object -TypeName psobject -Property  @{ 'Computer' = $Computer; 'AntiVirus' = $_ })
        }
    }
    
    # Display to screen:
    $AVProducts | FT -AutoSize
    
    # Display in Gridview:
    $AVProducts | Out-GridView
    
    # Export to CSV:
    $AVProducts | Export-Csv -Path .\AVProducts.csv -NoTypeInformation

    You will get a record in the CSV sheet for every computer in the input list. 

    You will get multiple records per PC if it has more than one AV/Antimalware products installed.

    An empty cell in the AntiVirus column means either:

    1. The PC does not have AV or Antimalware installed, or 

    2. It's older than Windows Vista SP1


    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) _________________________________________________________________________________ Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

    • Marked as answer by Agroman09 Monday, October 27, 2014 7:55 AM
    Wednesday, October 22, 2014 12:51 PM

All replies

  •   

     Get-WmiObject AntiVirusProduct -Namespace root\SecurityCenter2  -Computer somepc


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, October 21, 2014 8:28 AM
    • Marked as answer by Agroman09 Wednesday, October 22, 2014 12:01 PM
    Tuesday, October 21, 2014 8:27 AM
  • Also see this post..

    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) _________________________________________________________________________________ Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

    • Marked as answer by Agroman09 Wednesday, October 22, 2014 12:01 PM
    Tuesday, October 21, 2014 9:29 AM
  • Unfortunately those old decodes do not work correctly with the newer security providers post Windows 2008.  The decodes are a guess and may not give correct results.

    Only byte 0x8000 and bits 0x3 are useful. 0x8000 tells if the scanner is running OK if it is set and the low bits are not set if the files are up to date.  All of the other bits have various meanings depending on the product as this also is used for the firewall


    ¯\_(ツ)_/¯

    Tuesday, October 21, 2014 11:04 AM
  • Thanks Sam it worked :) on my windows 7 laptop. How can I run it on 300 servers in the hosting environment ?

    Agroman09

    Wednesday, October 22, 2014 12:02 PM
  • Sam I will certainly learn it. This the next skill on my pan to acquire :)

    Agroman09

    Wednesday, October 22, 2014 12:05 PM
  • If you have the computer names in a text file for example, try:

    $AVProducts = @()
    foreach ($Computer in (Get-Content ".\Computerlist.txt")) {
        (Get-WmiObject AntiVirusProduct -Namespace root\SecurityCenter2 -ComputerName $Computer -ErrorAction SilentlyContinue).DisplayName | % {
            $AVProducts += (New-Object -TypeName psobject -Property  @{ 'Computer' = $Computer; 'AntiVirus' = $_ })
        }
    }
    
    # Display to screen:
    $AVProducts | FT -AutoSize
    
    # Display in Gridview:
    $AVProducts | Out-GridView
    
    # Export to CSV:
    $AVProducts | Export-Csv -Path .\AVProducts.csv -NoTypeInformation

    You will get a record in the CSV sheet for every computer in the input list. 

    You will get multiple records per PC if it has more than one AV/Antimalware products installed.

    An empty cell in the AntiVirus column means either:

    1. The PC does not have AV or Antimalware installed, or 

    2. It's older than Windows Vista SP1


    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) _________________________________________________________________________________ Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

    • Marked as answer by Agroman09 Monday, October 27, 2014 7:55 AM
    Wednesday, October 22, 2014 12:51 PM