From ee7a46de26858f5e8af8a3e8798f4135cdb9b7b2 Mon Sep 17 00:00:00 2001
From: silversword411
Date: Mon, 19 Apr 2021 22:28:51 -0400
Subject: [PATCH] Script library - defender status tweaks
---
.../scripts/community_scripts.json | 16 +++++--
... Win_Defender_Status_Report_Last24hrs.ps1} | 48 +++++++++----------
.../Win_Defender_Status_Report_LastYear.ps1 | 22 +++++++++
3 files changed, 59 insertions(+), 27 deletions(-)
rename scripts/{Win_Defender_Status.ps1 => Win_Defender_Status_Report_Last24hrs.ps1} (97%)
create mode 100644 scripts/Win_Defender_Status_Report_LastYear.ps1
diff --git a/api/tacticalrmm/scripts/community_scripts.json b/api/tacticalrmm/scripts/community_scripts.json
index e74d22d9..4c3ac4fd 100644
--- a/api/tacticalrmm/scripts/community_scripts.json
+++ b/api/tacticalrmm/scripts/community_scripts.json
@@ -262,13 +262,23 @@
 },
 {
 "guid": "d980fda3-a068-47eb-8495-1aab07a24e64",
- "filename": "Win_Defender_Status.ps1",
+ "filename": "Win_Defender_Status_Report_Last24hrs.ps1",
 "submittedBy": "https://github.com/dinger1986",
- "name": "Defender - Status",
- "description": "This will check for Malware, Antispyware, that Windows Defender is Healthy, last scan etc within the last 24 hours",
+ "name": "Defender - Status Report Last 24hr",
+ "description": "Using Event Viewer, this will check for Malware and Antispyware within the last 24 hours and display, otherwise will report as Healthy",
 "shell": "powershell",
 "category": "TRMM (Win):Security>Antivirus"
 },
+ {
+ "guid": "d980fda3-a068-47eb-8495-1aab07a24e64",
+ "filename": "Win_Defender_Status_Report_LastYear.ps1",
+ "submittedBy": "https://github.com/silversword411",
+ "name": "Defender - Status Report Last Year",
+ "description": "Using Event Viewer, this will check for Malware and Antispyware and display, otherwise will report as Healthy",
+ "shell": "powershell",
+ "category": "TRMM (Win):Security>Antivirus",
+ "default_timeout": "300"
+ },
 {
 "guid": "9956e936-6fdb-4488-a9d8-8b274658037f",
 "filename": "Win_Disable_Fast_Startup.bat",
diff --git a/scripts/Win_Defender_Status.ps1 b/scripts/Win_Defender_Status_Report_Last24hrs.ps1
similarity index 97%
rename from scripts/Win_Defender_Status.ps1
rename to scripts/Win_Defender_Status_Report_Last24hrs.ps1
index 7b9b04cb..0a9fe777 100644
--- a/scripts/Win_Defender_Status.ps1
+++ b/scripts/Win_Defender_Status_Report_Last24hrs.ps1
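Review bot: The added "Defender - Status Report Last Year" entry reuses the guid `d980fda3-a068-47eb-8495-1aab07a24e64` that the Last24hrs entry directly above it already carries. If the loader keys community scripts on guid (not visible in this hunk), one of the two Defender reports would overwrite or shadow the other, and a monitoring check could silently stop being the script operators think it is. Give the new entry its own value, e.g. `"guid": "<new-unique-guid>",`. The new description should also state the one-year window, since as written it does not distinguish this report from the 24-hour one.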
@@ -1,24 +1,24 @@
-# This will check for Malware, Antispyware, that Windows Defender is Healthy, last scan etc within the last 24 hours
-
-$ErrorActionPreference= 'silentlycontinue'
-$TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)
-
-if (Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1116','1118','1015','1006','5010','5012','5001','1123';StartTime=$TimeSpan})
-
-{
-Write-Output "Virus Found or Issue with Defender"
-Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1116','1118','1015','1006','5010','5012','5001','1123';StartTime=$TimeSpan}
-exit 1
-}
-
-
-else
-
-{
-Write-Output "No Virus Found, Defender is Healthy"
-Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1150','1001';StartTime=$TimeSpan}
-exit 0
-}
-
-
-Exit $LASTEXITCODE
+# This will check for Malware, Antispyware, that Windows Defender is Healthy, last scan etc within the last 24 hours
+
+$ErrorActionPreference= 'silentlycontinue'
+$TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)
+
+if (Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1116','1118','1015','1006','5010','5012','5001','1123';StartTime=$TimeSpan})
+
+{
+Write-Output "Virus Found or Issue with Defender"
+Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1116','1118','1015','1006','5010','5012','5001','1123';StartTime=$TimeSpan}
+exit 1
+}
+
+
+else
+
+{
+Write-Output "No Virus Found, Defender is Healthy"
+Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1150','1001';StartTime=$TimeSpan}
+exit 0
+}
+
+
+Exit $LASTEXITCODE
diff --git a/scripts/Win_Defender_Status_Report_LastYear.ps1 b/scripts/Win_Defender_Status_Report_LastYear.ps1
new file mode 100644
index 00000000..794e6acf
--- /dev/null
+++ b/scripts/Win_Defender_Status_Report_LastYear.ps1
@@ -0,0 +1,22 @@
+# This will check for Malware, Antispyware, that Windows Defender is Healthy, last scan etc within the last 24 hours
+
+$ErrorActionPreference = 'silentlycontinue'
+$TimeSpan = (Get-Date) - (New-TimeSpan -Day 365)
+
+if (Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1116', '1118', '1015', '1006', '5010', '5012', '5001', '1123'; StartTime = $TimeSpan })
+{
+ Write-Output "Virus Found or Issue with Defender"
+ Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1116', '1118', '1015', '1006', '5010', '5012', '5001', '1123'; StartTime = $TimeSpan }
+ exit 1
+}
+
+
+else
+{
+ Write-Output "No Virus Found, Defender is Healthy"
+ Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1150', '1001'; StartTime = $TimeSpan }
+ exit 0
+}
+
+
+Exit $LASTEXITCODE
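Review bot: This check fails open. With `$ErrorActionPreference = 'silentlycontinue'`, a `Get-WinEvent` call that errors for any reason (operational log missing or unreadable, insufficient rights) yields nothing, so the `if` falls through to "No Virus Found, Defender is Healthy" and `exit 0`. The query should run once, with its errors captured, and only the expected "no matching events" error should be treated as a clean result; anything else should exit non-zero with its own message. The renamed Win_Defender_Status_Report_Last24hrs.ps1 has the same structure and needs the same treatment. The header comment also still says "within the last 24 hours", although the window here is `New-TimeSpan -Day 365`.

```powershell
$Filter = @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1116', '1118', '1015', '1006', '5010', '5012', '5001', '1123'; StartTime = $TimeSpan }
$QueryErrors = @()
$Events = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue -ErrorVariable QueryErrors

# "No matching events" is the expected error on a clean machine; any other error means the log could not be read.
$Failed = $QueryErrors | Where-Object { $_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*' }
if ($Failed) {
    Write-Output "Unable to query the Defender operational log"
    $Failed
    exit 1
}

if ($Events) {
    Write-Output "Virus Found or Issue with Defender"
    $Events
    exit 1
}
# … unchanged: else branch reporting events 1150/1001 and exit 0 …
```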