Dcomputers/TacticalRMM_Scripts
2
0
Fork 0
Code Activity

Add Check_scripts/Win - Defender status report.ps1

Browse Source
This commit is contained in:
Danny de Kooker
2023-09-06 15:26:27 +02:00
parent 3a24e6e2c7
commit 83d37b3928
1 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
Check_scripts/Win - Defender status report.ps1 Normal file
View File

@@ -0,0 +1,55 @@
<#
.SYNOPSIS
Check the status of Windows Defender and report back to TRMM
.DESCRIPTION
This script will check if there have been any viruses found by Windows defender in the last x days,
This script should be deployed as a Check Script.
By default the script will check upto 1 day back in the log,
if you specify the first argument of the script it's the amount of days it will search back.
.OUTPUTS
This script will report back if it found any of the event logs on the machine with the message of that log entry.
If it doesn't find any viruses (hopefully) it will report back status 0 (No virus found)
Errorcodes:
0 - All OK
1 - Virus found, {Log information}
.EXAMPLE
Win - Defender status report.ps1 {Ammount of days to check back}
Win - Defender status report.ps1 7
.NOTES
Source: Tactical RMM repository
.CHANGELOG
24-06-2022 - Copied from TRMM repo, tweaked for my customers.
#>
#region Parameters, functions and global variables
$param1 = $args[0]
$ErrorActionPreference = 'silentlycontinue'
#endregion
#region script
if ($Args.Count -eq 0) {
$TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)
}
else {
$TimeSpan = (Get-Date) - (New-TimeSpan -Day $param1)
}
if (Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1122','1012','1009','1119','1118','1008','1006','1116','1121','1015','1124','1123','1160';StartTime=$TimeSpan}) {
Write-Output "Virus Found or Issue with Defender"
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1122','1012','1009','1119','1118','1008','1006','1121','1116','1015','1124','1123','1160';StartTime=$TimeSpan} | Select-Object -ExpandProperty Message -First 1
exit 1
}
else {
Write-Output "No Virus Found, Defender is Healthy"
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1150','1001';StartTime=$TimeSpan}
exit 0
}
Exit $LASTEXITCODE
#endregion