Powershell:查找已安装的Antivirus和状态，筛选出Windows Defender

Question

我在这里的另一篇文章中偶然发现了这个脚本的基础，然而，我想更进一步，并一直在实验。我想要实现的是获得安装在设备上的杀毒软件的名称和状态，当然我也想过滤掉Windows Defender。这是我到目前为止所做的。

我不确定如何解决当前代码的问题是，我也得到了Windows Defender的状态代码。

我将非常感谢您的建议和帮助。

clear
function Get-AntivirusName { 
[cmdletBinding()]     
param ( 
[string]$ComputerName = "$env:computername" , 
$Credential 
) 
    $wmiQuery = "SELECT * FROM AntiVirusProduct" 
    $AntivirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters
    [array]$AntivirusNames = $AntivirusProduct.displayName | sort -unique
    [array]$AntivirusState = $AntivirusProduct.productState | sort -unique
    $AntivirusState
    Switch($AntivirusNames) {
        {$AntivirusNames.Count -eq 0}{"Anti-Virus is NOT installed!";Continue}
        {$AntivirusNames.Count -eq 1 -and $_ -eq "Windows Defender"} {Write-host "ONLY Windows Defender is installed!";Continue}
        {$_ -ne "Windows Defender"} {"Antivirus Product(s): $_."}
   }
}
Get-AntivirusName

Answer 1

如果您想要排除Windows Defender，但又想获得控制台消息，我将如下所示更改函数：

function Get-AntivirusName { 
    [cmdletBinding()]     
    param ( 
        [string]$ComputerName = $env:COMPUTERNAME, 
        $Credential 
    ) 
    $wmiQuery = "SELECT * FROM AntiVirusProduct" 
    $AntivirusProduct = @(Get-CimInstance -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters)
    if ($AntivirusProduct.Count -eq 0) {
        Write-Host 'Anti-Virus is NOT installed!' -ForegroundColor Red
    }
    elseif ($AntivirusProduct.Count -eq 1 -and $AntivirusProduct.displayName -like '*Windows Defender*') {
        Write-Host 'ONLY Windows Defender is installed!' -ForegroundColor Cyan
    }
    else {
        # filter out Windows Defender from the list
        $AntivirusProduct = $AntivirusProduct | Where-Object {$_.displayName -notlike '*Windows Defender*'} | Sort-Object -Unique
        # output objects with both the product name and the status
        foreach ($avProduct in $AntivirusProduct) {
            [PsCustomObject]@{
                AV_Product = $avProduct.displayName
                AV_Status  = $avProduct.productState
            }
        }
    }
}

Get-AntivirusName