Determine if Anti Virus Software is installed using Powershell


We monitor some things for some of our customers and their servers , such as disk space, how much memory, number of processors, what versions of things like Microsoft SQL Server and so on, most of this is achieved through Powershell scripts.

I’ve now been asked to find out if there is a way to determine (through Powershell) whether or not the customer has any Anti Virus software installed, and if they do, when it was last updated.

I think it’s a long shot but worth asking the question, does anyone know if this is feasible?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zac HarrisSystems Administrator Commented:
This returns the computer name, the security product name, and its file location along with its definition status and real-time protection status. This will only display the current status of the computers, however, you could pipe this into a text file or the like. I have used this handy script before in my environment and it worked for me.

$AntiVirusProduct = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct  -ComputerName $computername
#Switch to determine the status of antivirus definitions and real-time protection. 
#Write-Output $AntiVirusProduct.productState
switch ($AntiVirusProduct.productState) { 
    "262144" {$defstatus = "Up to date" ;$rtstatus = "Disabled"} 
    "262160" {$defstatus = "Out of date" ;$rtstatus = "Disabled"} 
    "266240" {$defstatus = "Up to date" ;$rtstatus = "Enabled"} 
    "266256" {$defstatus = "Out of date" ;$rtstatus = "Enabled"} 
    "393216" {$defstatus = "Up to date" ;$rtstatus = "Disabled"} 
    "393232" {$defstatus = "Out of date" ;$rtstatus = "Disabled"} 
    "393488" {$defstatus = "Out of date" ;$rtstatus = "Disabled"} 
    "397312" {$defstatus = "Up to date" ;$rtstatus = "Enabled"} 
    "397328" {$defstatus = "Out of date" ;$rtstatus = "Enabled"} 
    "397584" {$defstatus = "Out of date" ;$rtstatus = "Enabled"} 
    "397568" {$defstatus = "Up to date"; $rtstatus = "Enabled"}
    "393472" {$defstatus = "Up to date" ;$rtstatus = "Disabled"}
default {$defstatus = "Unknown" ;$rtstatus = "Unknown"} 
Write-Output $computername 
Write-Output $AntiVirusProduct.displayName
Write-Output $AntiVirusProduct.pathToSignedProductExe
Write-Output "Definition status:  $defstatus"
Write-Output "Real-time protection status: $rtstatus"

Open in new window

source: Script Source

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mcsglobalAuthor Commented:
That's great Zac, I will give this a go, many thanks for the prompt response.

mcsglobalAuthor Commented:

I've been having a play around with the above script, for the most part it does what I need, however not on a Windows 2012 Server, the below error is returned:

et-WmiObject : Invalid namespace "root\SecurityCenter2"

I've just done some googling and it looks like the Windows Security Center is not on any Server OS, so the script doesn't work, and I want to be able to run this on Clients servers to check for AV Software.

Anyone know of a way of doing this?

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.