Powershell：查找已安装的防病毒软件和状态，过滤掉 Windows Defender

Posted 2023-02-16

【中文标题】Powershell：查找已安装的防病毒软件和状态，过滤掉 Windows Defender

【英文标题】：Powershell: Find installed Antivirus & state, filtering out Windows Defender

【发布时间】：2021-11-25 07:48:30

【问题描述】：

我在这里的另一篇文章中遇到了这个脚本的基础，但是，我想更进一步，并且一直在试验。我想要实现的是获取设备上安装的防病毒软件的名称、状态，当然我想过滤掉 Windows Defender。这是我到目前为止所拥有的......

我不确定如何解决当前代码的问题是，我还获得了 Windows Defender 的状态代码。

非常感谢您的建议和帮助。

clear
function Get-AntivirusName  
[cmdletBinding()]     
param ( 
[string]$ComputerName = "$env:computername" , 
$Credential 
) 
    $wmiQuery = "SELECT * FROM AntiVirusProduct" 
    $AntivirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters
    [array]$AntivirusNames = $AntivirusProduct.displayName | sort -unique
    [array]$AntivirusState = $AntivirusProduct.productState | sort -unique
    $AntivirusState
    Switch($AntivirusNames) 
        $AntivirusNames.Count -eq 0"Anti-Virus is NOT installed!";Continue
        $AntivirusNames.Count -eq 1 -and $_ -eq "Windows Defender" Write-host "ONLY Windows Defender is installed!";Continue
        $_ -ne "Windows Defender" "Antivirus Product(s): $_."
   

Get-AntivirusName

【参考方案1】：

如果您想排除 Windows Defender，但确实想获得控制台消息，我会更改如下功能：

function Get-AntivirusName  
    [cmdletBinding()]     
    param ( 
        [string]$ComputerName = $env:COMPUTERNAME, 
        $Credential 
    ) 
    $wmiQuery = "SELECT * FROM AntiVirusProduct" 
    $AntivirusProduct = @(Get-CimInstance -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters)
    if ($AntivirusProduct.Count -eq 0) 
        Write-Host 'Anti-Virus is NOT installed!' -ForegroundColor Red
    
    elseif ($AntivirusProduct.Count -eq 1 -and $AntivirusProduct.displayName -like '*Windows Defender*') 
        Write-Host 'ONLY Windows Defender is installed!' -ForegroundColor Cyan
    
    else 
        # filter out Windows Defender from the list
        $AntivirusProduct = $AntivirusProduct | Where-Object $_.displayName -notlike '*Windows Defender*' | Sort-Object -Unique
        # output objects with both the product name and the status
        foreach ($avProduct in $AntivirusProduct) 
            [PsCustomObject]@
                AV_Product = $avProduct.displayName
                AV_Status  = $avProduct.productState
            
        
    


Get-AntivirusName