<# CIAOPS
Script provided as is. Use at own risk. No guarantees or warranty provided.
Source - https://github.com/directorcia/Office365/blob/master/win10-def-get.ps1
Description - Report Windows Defender configuration
Prerequisites =
More scripts available by joining http://www.ciaopspatron.com
#>
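## Variables
# Console colours: banner/informational, normal result, problem or mismatch.
$systemmessagecolor = "cyan"
$processmessagecolor = "green"
$errormessagecolor = "red"
# Page scraped below for the published (reference) Defender versions.
$defenderupdatesurl = "https://www.microsoft.com/en-us/wdsi/defenderupdates"

Clear-Host
Write-Host -ForegroundColor $systemmessagecolor "Script started`n"
Write-Host -ForegroundColor Gray -BackgroundColor Blue "Latest signature and engine versions"

## https://docs.microsoft.com/en-us/previous-versions/windows/desktop/defender/msft-mpcomputerstatus#properties
# Read the local Defender state. Without it every later line would report empty
# values, so stop with a clear message instead of printing a misleading report.
try {
    $localdefender = Get-MpComputerStatus -ErrorAction Stop
}
catch {
    Write-Host -ForegroundColor $errormessagecolor "Unable to read local Defender status:",$_.Exception.Message
    return
}

Write-Host -ForegroundColor $processmessagecolor "Read latest version from web page - $defenderupdatesurl"
# Clear any response left over from an earlier run in the same session, so a failed
# download cannot be mistaken for fresh reference data.
$info = $null
try {
    $info = Invoke-WebRequest -Uri $defenderupdatesurl -UseBasicParsing -DisableKeepAlive -ErrorAction Stop
}
catch {
    # The local report is still useful without the web reference, so report and carry on.
    Write-Host -ForegroundColor $errormessagecolor "Unable to download reference versions:",$_.Exception.Message
}
Write-Host -ForegroundColor $processmessagecolor "Find values`n"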
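# Signature version: compare the local value with the one published on the web page.
# Reset what this section sets so values from an earlier run in the session cannot leak in.
$version = $null
$current = $false
# -match is case-insensitive; the capture group takes the text between <span> and the
# next tag, and $Matches is only read when the match actually succeeded.
if ($info -and ($info.RawContent -match '<li>Version: <span>([^<]*)')) {
    $version = $Matches[1].Trim()
}
$localversion = $localdefender.AntispywareSignatureVersion
$webparsed = $null
$localparsed = $null

if (-not $version) {
    # No reference value: never report the local signatures as up to date by default.
    Write-Host -ForegroundColor $errormessagecolor "Published signature version not found on web page. Local version =",$localversion
}
elseif (-not ([version]::TryParse($version, [ref]$webparsed) -and [version]::TryParse([string]$localversion, [ref]$localparsed))) {
    Write-Host -ForegroundColor $errormessagecolor "Unable to compare versions. Local version =",$localversion,"web version =",$version
}
elseif ($localparsed -eq $webparsed) {
    Write-Host -ForegroundColor $processmessagecolor "Version:",$localversion
}
else {
    # Compare as [version] objects, component by component. A character-by-character
    # comparison misorders components of different length (for example 99 against 100),
    # and a regex -match treats "." as a wildcard and accepts substrings.
    $current = $localparsed -gt $webparsed
    if ($current) {
        Write-Host -ForegroundColor $processmessagecolor "Local version =",$localversion
        Write-Host -ForegroundColor gray " is more current that reported latest version:",$version
    }
    else {
        Write-Host -ForegroundColor $errormessagecolor "Local version =",$localversion
        Write-Host -ForegroundColor $errormessagecolor " is less current that web latest version:",$version
    }
}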
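# Engine version: compare the local value with the one published on the web page.
$engine = $null
# The capture group avoids the case-sensitive String.Replace on the label, and $Matches
# is only read when this match succeeded (otherwise it would still hold an earlier match).
if ($info -and ($info.RawContent -match '<li>Engine version: <span>([^<]*)')) {
    $engine = $Matches[1].Trim()
}

if (-not $engine) {
    Write-Host -ForegroundColor $errormessagecolor "Published engine version not found on web page. Engine version =",$localdefender.AMEngineVersion
}
elseif ($localdefender.AMEngineVersion -eq $engine) {
    # Exact comparison: a regex -match would accept a substring and treat "." as a wildcard.
    Write-Host -ForegroundColor $processmessagecolor "Engine version =",$localdefender.AMEngineVersion
}
else {
    # Any difference is flagged, whichever side is newer; the published value follows in brackets.
    Write-Host -ForegroundColor $errormessagecolor "Engine version =",$localdefender.AMEngineVersion,"["$engine"]"
}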
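# Platform version: compare the local value with the one published on the web page.
$platform = $null
# The capture group avoids the case-sensitive String.Replace on the label, and $Matches
# is only read when this match succeeded (otherwise it would still hold an earlier match).
if ($info -and ($info.RawContent -match '<li>Platform version: <span>([^<]*)')) {
    $platform = $Matches[1].Trim()
}

if (-not $platform) {
    Write-Host -ForegroundColor $errormessagecolor "Published platform version not found on web page. Platform version =",$localdefender.AMServiceVersion
}
elseif ($localdefender.AMServiceVersion -eq $platform) {
    # Exact comparison instead of -like, so the scraped text is never interpreted as a wildcard pattern.
    Write-Host -ForegroundColor $processmessagecolor "Platform version =",$localdefender.AMServiceVersion
}
else {
    # Any difference is flagged, whichever side is newer; the published value follows in brackets.
    Write-Host -ForegroundColor $errormessagecolor "Platform version =",$localdefender.AMServiceVersion,"["$platform"]"
}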
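# Release date of the published signatures, shown next to the time of the last local update.
$release = $null
# $Matches is only read when this match succeeded; after a failed -match it would still
# hold the previous section's result.
if ($info -and ($info.RawContent -match '<li>Released: <span id="dateofrelease">([^<]*)')) {
    $release = $Matches[1].Trim()
}

if ($release) {
    Write-Host -ForegroundColor $processmessagecolor "Released (UTC) =",$release
}
else {
    Write-Host -ForegroundColor $errormessagecolor "Published release date not found on web page"
}
Write-Host -ForegroundColor gray " Last local update:",$localdefender.AntivirusSignatureLastUpdated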
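# Protection status report.
# The running mode is not treated as an on/off flag here, so it keeps the normal colour.
Write-Host -ForegroundColor $processmessagecolor "Anti-Malware Mode =",$localdefender.AMRunningMode

# On/off protections in display order. Each one is shown in the error colour when it is
# not enabled (or when the property is empty), the way the tamper-protection line always
# was. A disabled protection printed in green is easy to miss in a status report.
$protectionstates = @(
    @{ Label = "Anti-Malware Service enabled =";              Enabled = $localdefender.AMServiceEnabled }
    @{ Label = "Anti-Spyware Service enabled =";              Enabled = $localdefender.AntispywareEnabled }
    @{ Label = "Anti-Virus Service enabled =";                Enabled = $localdefender.AntivirusEnabled }
    @{ Label = "Behavior Monitoring enabled =";               Enabled = $localdefender.BehaviorMonitorEnabled }
    @{ Label = "Scan all downloaded files and attachments ="; Enabled = $localdefender.IoavProtectionEnabled }
    @{ Label = "Is tamper protected enabled =";               Enabled = $localdefender.IsTamperProtected }
    # Label kept as in the original script; the value shown is the NISEnabled property.
    @{ Label = "NRI Engine enabled =";                        Enabled = $localdefender.NISEnabled }
    @{ Label = "On Access Protection enabled =";              Enabled = $localdefender.OnAccessProtectionEnabled }
    @{ Label = "Real Time Protection enabled =";              Enabled = $localdefender.RealTimeProtectionEnabled }
)
foreach ($state in $protectionstates) {
    if ($state.Enabled) {
        $statecolor = $processmessagecolor
    }
    else {
        $statecolor = $errormessagecolor
    }
    Write-Host -ForegroundColor $statecolor $state.Label,$state.Enabled
}

Write-Host -ForegroundColor $systemmessagecolor "`nScript completed`n"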