我有一个PowerShell脚本,它将向Windows Defender添加排除项。我用
Add-MpPreference -ExclusionPath "C:\Temp"
Add-MpPreference -ExclusionPath "C:\Users\ME\Desktop"
添加排除项,但如果计算机上还有除Windows Defender之外的其他防病毒软件,则PowerShell会给我一个错误。我需要能够捕获错误,然后有一个弹出窗口,说明已经安装了另一个防病毒软件。
您可以预先检查是否已安装并激活其他防病毒程序,而不是捕获错误。
Get-CimInstance -Namespace “root\SecurityCenter2” -Class AntiVirusProduct
您可以将返回的产品状态转换为十六进制并将其拆分为3个字节块,以检查type(第一个字节块),状态(第二个字节块)以及它是否是最新的(第三个字节块)。
('{0:X6}' -f $productState).Substring(2, 2) # 10 should be product is active
('{0:X6}' -f $productState).Substring(4, 2) # 00 should be up to date
请参阅以下代码作为示例:
$AV = Get-CimInstance -Namespace “root\SecurityCenter2” -Class AntiVirusProduct
$WD = $AV | Where-Object {$_.displayName -like "Windows Defender"}
$installedAV = $AV | Where-Object {$_.displayName -notlike "Windows Defender"}
$productState = [int]('{0:X6}' -f $WD.productState).Substring(2, 2)
if ($productState -eq 10) {
Add-MpPreference -ExclusionPath "C:\Temp"
Add-MpPreference -ExclusionPath "C:\Users\ME\Desktop"
} else {
# https://msdn.microsoft.com/en-us/library/x83z1d9f%28v=vs.84%29.aspx?f=255&MSPPError=-2147217396
$wshell = New-Object -ComObject Wscript.Shell
$wshell.Popup("Another AV is installed: $($installedAV.displayName)", 0, "", 0x10)
}
我自己拿到了。我写:
$AV = Get-CimInstance -Namespace "root\SecurityCenter2" -Class AntiVirusProduct
$installedAV = $AV | Where-Object {$_.displayName -notlike "Windows Defender"}
$otherAV = $AV | Where-Object {$_.displayName -ne "Windows Defender"}
if ($otherAV) {
$wshell = New-Object -ComObject Wscript.Shell
$wshell.Popup("Another AV is installed: $($installedAV.displayName)",0,"Error!",16)
}else{
$wshell = New-Object -ComObject Wscript.Shell
$wshell.Popup("Only Windows Defender is installed as your AV.",0,"Passed",0)
}