This is for running as a logoff script. It will write one line of CSV to a file on a share someplace if Sophos isn't active and current.
It does not run on XP. For XP change the first line to say root\SecurityCenter instead of root\SecurityCenter2 then pray. I'm not a programmer so it's not pretty.
- Joe
$objWMi = get-wmiobject -namespace root\SecurityCenter2 -computername localhost -Query "Select * from AntiVirusProduct"
foreach ($obj in $objWmi)
{
#Get Sophos State and convert to Hex. Should be 051000
#05 = AV & FW
#10 = Active
#00 = up to date
$HexProductState = [Convert]::ToString($obj.productState,16)
#Put a Zero on the front of the HexProductState so it's real Hex
$HexproductState = "0"+$HexproductState
#Get the date in simple format
$CurrentDate = Get-Date -format g
#Make a good state to compare against - Change this to test if it works!
$GoodAvState = "051000"
#If we are out of date report it.
If ($HexproductState -ne $GoodAvState)
{
#Make a string Computername, AntivirusName,Productstate, Username, Date/Time
$AvInfo = $env:COMPUTERNAME+", "+ $obj.displayName+", "+$HexProductState+", "+$env:UserName+", "+$CurrentDate
#File to write to with the PC name in the filename. The folder needs to exist. This will be a network share someplace.
#The folder must exist. This only creates a file.
$aFilePath = "\\Some\Network\Share\"+$env:ComputerName+"-AvInfo.log"
#Display what we are writing on the screen for debugging
write-host $AvInfo
#Write it to the file
$AvInfo | Out-File -FilePath $aFilePath -append -Force
}
}
This thread was automatically locked due to age.