Calculating Machine - 3 months ago
PowerShell Question

PowerShell: How to get Antivirus product details

We have over 1500 servers: Windows 2003, 2008 and 2012. I have to gather the antivirus details (product name and version) on these servers.
There could be multiple antivirus products.
I am not sure a PowerShell script will work on a 2003 server.

So far I have tried the scripts below, but did not get useful information.

$av = get-wmiobject -class "Win32_Product" -namespace "root\cimv2" `
-computername "." -filter "Name like '%antivirus%'"


The script below works fine on client operating systems.

$wmiQuery = "SELECT * FROM AntiVirusProduct"
$AntivirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery @psboundparameters # -ErrorVariable myError -ErrorAction 'SilentlyContinue'
Write-host $AntivirusProduct.displayName


Can anybody advise me on this?
I am trying to get the antivirus details (product and version).
What do I need to do for Windows Server 2003?

Answer

Instead of relying on running processes, you could query the registry:

$computerList = "localhost", "localhost"
$filter = "antivirus"

$results = @()
foreach($computerName in $computerList) {

    $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $computerName)
    $regPathList = "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
                   "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

    foreach($regPath in $regPathList) {
        # OpenSubKey returns $null when the path is absent (e.g. no Wow6432Node on a 32-bit system)
        if($key = $hive.OpenSubKey($regPath)) {
            if($subkeyNames = $key.GetSubKeyNames()) {
                foreach($subkeyName in $subkeyNames) {
                    $productKey = $key.OpenSubKey($subkeyName)
                    $productName = $productKey.GetValue("DisplayName")
                    $productVersion = $productKey.GetValue("DisplayVersion")
                    $productComments = $productKey.GetValue("Comments")
                    # Keep entries whose name or comments match the filter
                    if(($productName -match $filter) -or ($productComments -match $filter)) {
                        $resultObj = [PSCustomObject]@{
                            Host = $computerName
                            Product = $productName
                            Version = $productVersion
                            Comments = $productComments
                        }
                        $results += $resultObj
                    }
                    $productKey.Close()
                }
            }
            # Close only a key that was actually opened; calling Close() on $null throws
            $key.Close()
        }
    }
}

$results | ft -au

Example output:

Host      Product              Version   Comments
----      -------              -------   --------
localhost Avast Free Antivirus 10.4.2233         
localhost Avast Free Antivirus 10.4.2233
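
The following is an added example, not part of the original question or answer: it goes beyond the answer by combining the SecurityCenter2 query from the question with the registry scan, and by keeping hosts that fail or return nothing in the report so gaps across a large server list stay visible. The function names, the `Source` and `Error` columns and the match pattern are assumptions; only constructs available in PowerShell 2.0 are used on the machine running the script.

```powershell
# Builds one report row; names and columns are assumptions made for this example.
function New-AvRow($Computer, $Product, $Version, $Source, $Problem) {
    New-Object PSObject -Property @{ Host = $Computer; Product = $Product; Version = $Version; Source = $Source; Error = $Problem }
}

function Get-AntivirusInventory {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Assumed pattern; widen it to the product names used in your estate.
        [string]$Pattern = 'antivirus|anti-virus|endpoint protection'
    )
    $paths = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($computer in $ComputerName) {
        $found = @()
        try {
            # Works on client operating systems per the question; no version is read from this source.
            $found += @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ComputerName $computer -ErrorAction Stop |
                ForEach-Object { New-AvRow $computer $_.displayName $null 'SecurityCenter2' $null })
        } catch { }  # query failed (for example on a server): rely on the registry below
        $hive = $null
        try {
            $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            foreach ($path in $paths) {
                $key = $hive.OpenSubKey($path)
                if (-not $key) { continue }   # e.g. no Wow6432Node on a 32-bit host
                foreach ($name in $key.GetSubKeyNames()) {
                    $sub = $key.OpenSubKey($name)
                    if (-not $sub) { continue }
                    $display = $sub.GetValue('DisplayName')
                    if ($display -match $Pattern) {
                        $found += New-AvRow $computer $display $sub.GetValue('DisplayVersion') 'Registry' $null
                    }
                    $sub.Close()
                }
                $key.Close()
            }
        } catch {
            # Keep unreachable or access-denied hosts in the report, with the reason.
            $found += New-AvRow $computer $null $null 'Registry' $_.Exception.Message
        } finally { if ($hive) { $hive.Close() } }
        if ($found.Count -eq 0) {
            $found += New-AvRow $computer $null $null 'None' 'No matching product found'
        }
        $found | Select-Object Host, Product, Version, Source, Error
    }
}
```

Rows with a non-empty `Error` or a `Source` of `None` are the hosts to follow up on manually.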