Merge pull request #75 from akunzai/antivirus-not-found

The Microsoft Defender module was not found before Windows Server 2016
akunzai · Jan 31, 2023 · a5aa6e1 · a5aa6e1
2 parents 029f826 + af97cdd
commit a5aa6e1
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -51,7 +51,7 @@ git pull
 Sample output
 
 ````markdown
-# Windows Secure Auditor: 0.13.3
+# Windows Secure Auditor: 0.13.4
 
 ## System Information
 

diff --git a/README.zh-TW.md b/README.zh-TW.md
@@ -51,7 +51,7 @@ git pull
 範例輸出
 
 ````markdown
-# Windows Secure Auditor: 0.13.3
+# Windows Secure Auditor: 0.13.4
 
 ## 系統資訊
 

diff --git a/SecureAuditor.ini b/SecureAuditor.ini
@@ -4,6 +4,9 @@ Exclude =
 ; Regex pattern to include rule name
 Include = .*
 
+[Antivirus]
+Enabled = true
+
 [ComputerInfo]
 Properties = OSName, OsVersion, OsLocale, OsLocalDateTime, TimeZone, OsUpTime
 

diff --git a/SecureAuditor.psd1 b/SecureAuditor.psd1
@@ -6,7 +6,7 @@
     # RootModule = ''
 
     # Version number of this module.
-    ModuleVersion          = '0.13.3'
+    ModuleVersion          = '0.13.4'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()

diff --git a/rules/Antivirus.psm1 b/rules/Antivirus.psm1
@@ -2,6 +2,7 @@
     # culture="en-US"
     ConvertFrom-StringData @'
     Antivirus = Antivirus
+    FailedToDetectAntivirus = Failed to detect AntiVirus
     Installed = Installed
     UpdatedStatus = Updated Status
 '@
@@ -12,37 +13,44 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if (-not [bool]$config.Antivirus.Enabled) {
+        return
+    }
     if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
         $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
         Write-UnsupportedPlatform($ruleName)
         return
     }
+    Write-Output "`n## $($i18n.Antivirus)`n"
     $osInfo = Get-CimInstance -ClassName Win32_OperatingSystem
     if ($osInfo.ProductType -ne 1) {
         # Windows Server
         # https://help.eset.com/efsw/9.0/en-US/work_wmi_provider_data.html
         $product = Get-CimInstance -Namespace root/ESET -ClassName ESET_Product -ErrorAction SilentlyContinue
         if ($null -ne $product) {
-            Write-Output "`n## $($i18n.Antivirus)`n"
             Write-CheckList $true "$($i18n.Installed): $($product.Name) $($product.Version)"
             Write-CheckList ($product.StatusCode -eq 0) "$($i18n.UpdatedStatus): $($product.VirusDBLastUpdate) - $($product.VirusDBVersion)"
             return
         }
-        # https://learn.microsoft.com/powershell/module/defender/get-mpcomputerstatus
-        $product = Get-MpComputerStatus -ErrorAction SilentlyContinue
-        if ($null -ne $product) {
-            Write-Output "`n## $($i18n.Antivirus)`n"
-            Write-CheckList $product.AntivirusEnabled "$($i18n.Installed): Microsoft Defender $($product.AMProductVersion)"
-            Write-CheckList (-not $product.DefenderSignaturesOutOfDate) ("$($i18n.UpdatedStatus): {0:yyyy-MM-dd'T'HH:mm:ssK} - $($product.AntivirusSignatureVersion)" -f $product.AntivirusSignatureLastUpdated)
-            return
+        # The Microsoft Defender module was not found before Windows Server 2016
+        # https://www.powershellgallery.com/packages/WindowsDefender/
+        if (Get-Command 'Get-MpComputerStatus' -ErrorAction SilentlyContinue) {
+            # https://learn.microsoft.com/powershell/module/defender/get-mpcomputerstatus
+            $product = Get-MpComputerStatus -ErrorAction SilentlyContinue
+            if ($null -ne $product) {
+                Write-CheckList $product.AntivirusEnabled "$($i18n.Installed): Microsoft Defender $($product.AMProductVersion)"
+                Write-CheckList (-not $product.DefenderSignaturesOutOfDate) ("$($i18n.UpdatedStatus): {0:yyyy-MM-dd'T'HH:mm:ssK} - $($product.AntivirusSignatureVersion)" -f $product.AntivirusSignatureLastUpdated)
+                return
+            }
         }
     }
     # https://jdhitsolutions.com/blog/powershell/5187/get-antivirus-product-status-with-powershell/
     $products = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct -ErrorAction SilentlyContinue
     if ($null -eq $products -or $products.Count -eq 0) {
+        Write-CheckList $false "$($i18n.Installed): $($i18n.FailedToDetectAntivirus)"
+        Write-CheckList $false "$($i18n.UpdatedStatus): $($i18n.FailedToDetectAntivirus)"
         return
     }
-    Write-Output "`n## $($i18n.Antivirus)`n"
     $enabled = $products | Where-Object { ('0x{0:x}' -f $_.ProductState).SubString(3, 2) -notmatch '00|01' } | Sort-Object -Property timestamp -Descending
     Write-CheckList ($enabled.Count -gt 0) "$($i18n.Installed): $($enabled[0].displayName)"
     if ($enabled.Count -gt 0) {

diff --git a/rules/zh-TW/Antivirus.psd1 b/rules/zh-TW/Antivirus.psd1
@@ -1,6 +1,7 @@
 # culture="zh-TW"
 ConvertFrom-StringData -StringData @'
 Antivirus = 防毒軟體
+FailedToDetectAntivirus = 未能檢測到防毒軟體
 Installed = 已安裝
 UpdatedStatus = 更新狀態
 '@