Windows Tip Sheet

How To Be Pro Antivirus

Use the power of scripting to remotely check which computers are secure.

If you are running an enterprise-level antivirus solution, this week’s tip may be interesting only from a technical point of view. But if you are in charge of a shop where antivirus installations are a little varied or spotty, this might help you out.

On Windows XP desktops, any antivirus product worth having should register itself with the SecurityCenter namespace in WMI (Windows Management Instrumentation for those of you just joining us). If you know where to look, you can find out what product is installed and its current version. You won’t be able to tell if its definitions file or database is up to date, but at least you’ll get a handle on who has what.

Now I could give you the WMI information and say, “Go write a script”. But I won’t do that to you. Instead, you can use the instance of PowerShell running on your desktop and remotely check computers. If you don’t have PowerShell yet, go to Microsoft.com and download it. We’ll wait.

OK. Open a PowerShell session. Let’s first check your own machine. Run this expression (all on one line):

Get-wmiobject -namespace "root\securitycenter" -class "AntiVirusProduct" | select CompanyName,DisplayName,VersionNumber

If all goes well, you should see three columns showing your installed antivirus product. I wanted to use a select WMI query but this is one of those classes that doesn’t seem to support it, so stick to what I’m using.

Connecting to another desktop is essentially the same, except that you add the -computer parameter:

Get-wmiobject -computer "DESKTOP01" -namespace "root\securitycenter" -class "AntiVirusProduct" | select CompanyName,DisplayName,VersionNumber

Want to process a list of desktops? It's a few extra steps, but can be done this way:

PS C:\ > $d=get-content desktops.txt

PS C:\ > $av={get-wmiobject -computer $computer -namespace "root\securitycenter" -class "AntiVirusProduct" | select CompanyName,DisplayName,VersionNumber}

PS C:\ > foreach ($c in $d) {$computer=$c;$computer.toUpper();&$av}

You should get a decent picture of your antivirus situation and at least identify those desktops that need some immediate attention.
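The list-processing loop above stops being useful the moment a desktop is offline or has no product registered, because those machines simply produce an error or no row at all. The following is an added example, not part of the original column: it wraps the same WMI query in a function that returns one row per machine, including the ones that failed. The function name Get-AVInventory, the Status column and the sample computer names are made up for this example, and it assumes Windows PowerShell 2.0 or later (for try/catch and splatting).

```powershell
# Added example: one result row per desktop, including failures and gaps.
function Get-AVInventory {
    param([string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        $name = "$name".Trim()
        if (-not $name) { continue }              # skip blank lines from the list file

        # Default row, returned as-is when no product is registered.
        $row = New-Object PSObject -Property @{
            Computer = $name.ToUpper(); Status = 'NoProductRegistered'
            CompanyName = $null; DisplayName = $null; VersionNumber = $null
        }

        # Same namespace and class the article queries.
        $query = @{
            ComputerName = $name
            Namespace    = 'root\securitycenter'
            Class        = 'AntiVirusProduct'
            ErrorAction  = 'Stop'                 # turn WMI/RPC errors into catchable ones
        }
        try {
            $products = @(Get-WmiObject @query)
        }
        catch {
            # Offline host, access denied, blocked RPC, or namespace not present.
            $row.Status = 'QueryFailed: ' + $_.Exception.Message
            $row
            continue
        }

        if ($products.Count -eq 0) { $row; continue }

        foreach ($p in $products) {
            New-Object PSObject -Property @{
                Computer = $name.ToUpper(); Status = 'Registered'
                CompanyName = $p.CompanyName; DisplayName = $p.DisplayName
                VersionNumber = $p.VersionNumber
            }
        }
    }
}

# Constructed sample list; replace with (Get-Content desktops.txt) for a real run.
$desktops = @('DESKTOP01', 'DESKTOP02', $env:COMPUTERNAME)
$columns  = 'Computer', 'Status', 'CompanyName', 'DisplayName', 'VersionNumber'
$report   = Get-AVInventory -ComputerName $desktops | Select-Object $columns
$report | Format-Table -AutoSize
# Desktops that need attention: query failed or nothing registered.
$report | Where-Object { $_.Status -ne 'Registered' } | Select-Object Computer, Status
```

Rows with a Status other than Registered are the ones to follow up on first; pipe $report to Export-Csv if you want to keep the results.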

If you have any issues with the PowerShell commands, post your question in the PowerShell forum at ScriptingAnswers.com.

About the Author

Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at Petri.com, and a frequent speaker at technology conferences and user groups.
