Windows Tip Sheet
How To Be Pro Antivirus
Use the power of scripting to remotely check which computers are secure.
- By Jeffery Hicks
- 05/23/2007
If you are running an enterprise-level antivirus solution, this week’s tip may be interesting only from a technical point of view. But if you are in charge of a shop where antivirus installations are a little varied or spotty, this might help you out.
On Windows XP desktops, any antivirus product worth having should register itself with the SecurityCenter namespace in WMI (Windows Management Instrumentation for those of you just joining us). If you know where to look, you can find out what product is installed and its current version. You won’t be able to tell if its definitions file or database is up to date, but at least you’ll get a handle on who has what.
Now I could give you the WMI information and say, “Go write a script”. But I won’t do that to you. Instead, you can use the instance of PowerShell running on your desktop and remotely check computers. If you don’t have PowerShell yet, go to Microsoft.com and download it. We’ll wait.
OK. Open a PowerShell session. Let’s first check your own machine. Run this expression (all on one line):
Get-wmiobject -namespace "root\securitycenter" -class "AntiVirusProduct" | select CompanyName,DisplayName,VersionNumber
If all goes well, you should see three columns showing your installed antivirus product. I wanted to use a select WMI query but this is one of those classes that doesn’t seem to support it, so stick to what I’m using.
Connecting to another desktop is essentially the same, except that you add the -computer parameter:
Get-wmiobject -computer "DESKTOP01" -namespace "root\securitycenter" -class "AntiVirusProduct" | select CompanyName,DisplayName,VersionNumber
Want to process a list of desktops? It's a few extra steps, but can be done this way:
PS C:\ > $d=get-content desktops.txt
PS C:\ > $av={get-wmiobject -computer $computer -namespace "root\securitycenter" -class "AntiVirusProduct" | select CompanyName,DisplayName,VersionNumber}
PS C:\ > foreach ($c in $d) {$computer=$c;$computer.toUpper();&$av}
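The loop above writes each name and result to the console. The following added example (not from the original article) wraps the same query in a function that also records desktops that could not be queried or that have no product registered, and returns objects you can export. The function name Get-AntivirusInventory and the output file av-inventory.csv are assumptions, and try/catch needs Windows PowerShell 2.0 or later.

```powershell
# Added example, not from the original article. Get-AntivirusInventory is a
# hypothetical name; try/catch needs Windows PowerShell 2.0 or later.
function Get-AntivirusInventory {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            $name = $computer.Trim().ToUpper()
            if (-not $name) { continue }    # skip blank lines in the list

            $status   = 'Registered'
            $products = @()
            try {
                # -ErrorAction Stop makes connection and access errors catchable.
                $products = @(Get-WmiObject -ComputerName $name `
                        -Namespace 'root\securitycenter' `
                        -Class 'AntiVirusProduct' -ErrorAction Stop)
                if ($products.Count -eq 0) { $status = 'NoProductRegistered' }
            }
            catch {
                $status = 'QueryFailed: ' + $_.Exception.Message
            }

            # Keep one row for machines that failed or returned nothing, so
            # they show up in the report instead of silently disappearing.
            if ($products.Count -eq 0) { $products = @($null) }

            foreach ($p in $products) {
                New-Object PSObject -Property @{
                    Computer      = $name
                    Status        = $status
                    CompanyName   = $p.CompanyName
                    DisplayName   = $p.DisplayName
                    VersionNumber = $p.VersionNumber
                } | Select-Object Computer, Status, CompanyName, DisplayName, VersionNumber
            }
        }
    }
}

# desktops.txt holds one computer name per line, as in the article.
$report = Get-Content desktops.txt | Get-AntivirusInventory
$report | Export-Csv av-inventory.csv -NoTypeInformation
$report | Where-Object { $_.Status -ne 'Registered' }   # machines needing attention
```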
You should get a decent picture of your antivirus situation and at least identify those desktops that need some immediate attention.
If you have any issues with the PowerShell commands, post your question in the PowerShell forum at ScriptingAnswers.com.
About the Author
Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at Petri.com, and a frequent speaker at technology conferences and user groups.