
Windows Defender

Jordan Hammond

Is Windows Defender up to date with its virus definitions? I can’t tell you that myself without you giving me way more access to your stuff than you should be comfortable with, but I can tell you how to find out. We are going to do this with the PDQ PowerShell Scanner and a built-in command in PowerShell. And because Nate loves you, we are going to add error handling, so you control your output. As we have with several scripts, we added this to our GitHub for Scanner scripts. These will give you an excellent launching point for ideas. If you have something you would love for the world to know about, please share; we have contributing guidelines here. Watch the accompanying video to this blog post here.

Grabbing Information on Windows Defender

We have the full script here, but let’s break down what we have added and why. You can grab everything you need with a single command.

Get-MpComputerStatus

That is it. That will give you everything you need, and even a lot of things you don’t need. Overall it will return 38 columns of data. We don’t think you will need all of that, but each environment will probably be looking for different information. So I would recommend you run this, see what you need, and add | Select-Object to the end of that line. That way, it will be customized for your needs. Or continue to grab it all and let your collections and reports fine-tune the data down for you. Both will work great. Nate recommends the following:

Get-MpComputerStatus | Select-Object AMProductVersion, AMServiceEnabled, AntispywareSignatureVersion, AntivirusEnabled

Error Handling

Adding that one command will work, but there are some common instances where it will have an error. Instead of breaking down and searching out what may have gone wrong, let’s test for those errors, and then write a custom message so it is easier to track down what may have gone wrong.

The first error we will capture is running on machines that are not Windows 10/Server 2016 or higher. On those machines, the command will not exist.

if (-Not(Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
    throw "Unable to find Get-MpComputerStatus. Available on Windows 10/Server 2016 or higher"
}

This will check for the command, and if it is not there, then it will throw a custom message that makes it clear what happened.

The other common error we see is that the Windows Defender service is not running. So run a quick test on that service, and you can error out if it is not.

$DefenderStatus = (Get-Service WinDefend -ErrorAction SilentlyContinue).Status

if ($DefenderStatus -ne "Running") {
    throw "The Windows Defender service is not currently running"
}

This script really highlights that although a one-liner would work, with a little time and a few lines, you can make it run so much cleaner.

Putting it all Together

if (-Not(Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
    throw "Unable to find Get-MpComputerStatus. Available on Windows 10/Server 2016 or higher"
}

$DefenderStatus = (Get-Service WinDefend -ErrorAction SilentlyContinue).Status

if ($DefenderStatus -ne "Running") {
    throw "The Windows Defender service is not currently running"
}

Get-MpComputerStatus
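
Going back to the opening question, the script below is an added example (not part of the original PDQ script) that keeps the same two guards and returns one row with a DefinitionsCurrent flag. The function name ConvertTo-DefenderSummary and the three-day threshold are assumptions made for this illustration; the properties are ones Get-MpComputerStatus returns.

```powershell
# Added example: answer "are the definitions up to date?" as a single row.
# $MaxSignatureAgeDays is an assumed threshold; set it to match your update policy.
[CmdletBinding()]
param (
    [int]$MaxSignatureAgeDays = 3
)

# Hypothetical helper: trims the status object down to the columns that matter
# for a definitions check and adds a single pass/fail column.
function ConvertTo-DefenderSummary {
    param (
        [Parameter(Mandatory)] $Status,
        [int]$MaxAgeDays = 3
    )
    [PSCustomObject]@{
        AMProductVersion              = $Status.AMProductVersion
        AMServiceEnabled              = $Status.AMServiceEnabled
        AntivirusEnabled              = $Status.AntivirusEnabled
        RealTimeProtectionEnabled     = $Status.RealTimeProtectionEnabled
        AntivirusSignatureVersion     = $Status.AntivirusSignatureVersion
        AntivirusSignatureLastUpdated = $Status.AntivirusSignatureLastUpdated
        # AntivirusSignatureAge is reported in whole days
        AntivirusSignatureAge         = $Status.AntivirusSignatureAge
        # True only when antivirus is enabled and the definitions are recent enough
        DefinitionsCurrent            = [bool]($Status.AntivirusEnabled -and
                                               $Status.AntivirusSignatureAge -le $MaxAgeDays)
    }
}

# Same guards as the script above: fail with a readable message, not a raw error
if (-Not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
    throw "Unable to find Get-MpComputerStatus. Available on Windows 10/Server 2016 or higher"
}

$DefenderStatus = (Get-Service WinDefend -ErrorAction SilentlyContinue).Status

if ($DefenderStatus -ne "Running") {
    throw "The Windows Defender service is not currently running"
}

ConvertTo-DefenderSummary -Status (Get-MpComputerStatus) -MaxAgeDays $MaxSignatureAgeDays
```

A collection or report can then filter on DefinitionsCurrent being false instead of comparing signature versions by hand.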

Hopefully, this highlights how easy it is to grab information that may not have been readily available to you before. With a little bit of PowerShell know-how, you can make sure that you can grab any information you could need at any point.

This blog post is part of our PowerShell Scanner series.
