Microsoft Scripting Guy Ed Wilson here. Today, I finally had time to do something I have been wanting to do for a long time: I played around with Microsoft Security Essentials (the free downloadable anti-malware program from Microsoft). When I say “played around with,” I mean I began to look at seeing what I could do from a scripting perspective. I think Microsoft Security Essentials is pretty cool, and I have even installed it on my mom’s computer, which should let you know that I think it is an awesome program. The fact that it is free is just icing on the cake.
I also have it installed on computers in my lab, and because those computers are not always turned on, it is inconvenient when I power them on to have to sit and wait while they download signature updates, do scans, and so on. I wanted the ability to update the virus signature from a script. If I could also launch a quick scan, that would be even better.
As it turns out, there is not an API for Microsoft Security Essentials; however, there is a command-line utility. When using Windows PowerShell, having a command-line utility available to you is just about as good as having an API. I came up with the Invoke-SecurityEssentials.ps1 script seen here to update signatures, and to kick off default scans, quick scans, and full scans.
Invoke-SecurityEssentials.ps1
<#
.Synopsis
Runs Microsoft Security Essentials to scan or update anti-virus pattern
.Example
Invoke-SecurityEssentials.ps1 -UpdateSignature
Updates antivirus and malicious software pattern
.Example
Invoke-SecurityEssentials.ps1 -DefaultScan
Updates antivirus and malicious software pattern and performs default scan
.Example
Invoke-SecurityEssentials.ps1 -quickScan
Updates antivirus and malicious software pattern and performs a quick scan
.Example
Invoke-SecurityEssentials.ps1 -fullScan
Updates antivirus and malicious software pattern and performs a full scan
.Notes
NAME: Invoke-SecurityEssentials.ps1
AUTHOR: Ed Wilson
LASTEDIT: 4/30/2010
KEYWORDS: Windows PowerShell, Scripting Guy, security, antivirus, WES-5-16-10
.Link
Http://www.ScriptingGuys.com
Http://bit.ly/hsgblog
Http://bit.ly/WeekendScripter
#Requires -Version 2.0
#>
Param(
  [switch]$updateSignature,
  [switch]$defaultScan,
  [switch]$quickScan,
  [switch]$fullScan
)
Function Invoke-SecurityEssentials
{
  Param($action)
  # MpCmdRun.exe is the command-line front end to Security Essentials
  $path = "c:\program files\microsoft security essentials\MPCMDRUN.EXE"
  Switch ($action)
  {
    $updateSignature { &$path -signatureUpdate }
    $defaultScan { &$path -scan }
    $quickScan { &$path -scan -scantype 1 }   # scantype 1 = quick scan
    $fullScan { &$path -scan -scantype 2 }    # scantype 2 = full scan
  } #end switch
} #end function Invoke-SecurityEssentials
Function Get-Results
{
  # The scanner writes its start and finish events to the System log
  Get-EventLog -LogName system -Source "Microsoft Antimalware" -Newest 2 |
    Format-Table -Property timewritten, message -Wrap -auto
} # end function Get-Results
# *** entry point to script ***
If($updateSignature)
  { Invoke-SecurityEssentials -action $updateSignature ; Exit }
If($defaultScan)
  { Invoke-SecurityEssentials -action $defaultScan ; Get-Results ; Exit }
If($quickScan)
  { Invoke-SecurityEssentials -action $quickScan ; Get-Results ; Exit }
If($fullScan)
  { Invoke-SecurityEssentials -action $fullScan ; Get-Results ; Exit }
The script itself uses command-line parameters to allow you to perform the different actions. An If statement looks for the command-line parameters and passes the appropriate action to the Invoke-SecurityEssentials function. This portion of the script is shown here:
# *** entry point to script ***
If($updateSignature)
{ Invoke-SecurityEssentials -action $updateSignature ; Exit }
If($defaultScan)
{ Invoke-SecurityEssentials -action $defaultScan ; Get-Results ; Exit }
If($quickScan)
{ Invoke-SecurityEssentials -action $quickScan ; Get-Results ; Exit }
If($fullScan)
{ Invoke-SecurityEssentials -action $fullScan ; Get-Results ; Exit }
Inside the Invoke-SecurityEssentials function, a Switch statement is used to parse the input action and choose the appropriate command line. This is shown here:
Param($action)
$path = "c:\program files\microsoft security essentials\MPCMDRUN.EXE"
Switch ($action)
{
  $updateSignature { &$path -signatureUpdate }
  $defaultScan { &$path -scan }
  $quickScan { &$path -scan -scantype 1 }
  $fullScan { &$path -scan -scantype 2 }
} #end switch
After the appropriate command line has completed, control of the script returns to the calling code. When the function runs, no feedback is produced on the command line. The event log seen in the following image records the start time and the end time of the Security Essentials scan.
The Get-Results function is used to query for the two most recent events related to the antivirus program. This code is shown here:
Get-EventLog -LogName system -Source "Microsoft Antimalware" -Newest 2 |
  Format-Table -Property timewritten, message -Wrap -auto
When the script has run, the results seen in the following image are displayed.
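The following is an added example, not code from the original post. It reworks the dispatch shown above so that the action is a named string rather than a boolean, resolves MpCmdRun.exe from $env:ProgramFiles instead of a hard-coded drive letter, surfaces the exit code (which is the only signal MpCmdRun gives when a scan could not run), and filters the event query to the Microsoft Antimalware event IDs for scan started/finished (1000/1001) and signature update succeeded/failed (2000/2001). The install folder is assumed to match the original script.

```powershell
# Added example, not from the original post: the same dispatch as
# Invoke-SecurityEssentials, but keyed on an action name instead of a boolean,
# with the binary resolved from $env:ProgramFiles and the exit code surfaced.
# The event IDs below are the Microsoft Antimalware System-log IDs for
# scan started/finished (1000/1001) and signature update succeeded/failed
# (2000/2001); the install folder is assumed to match the original script.
Function Invoke-MpCmdRun
{
    Param(
        [Parameter(Mandatory=$true)]
        [ValidateSet('UpdateSignature','DefaultScan','QuickScan','FullScan')]
        [string]$Action
    )
    $path = Join-Path $env:ProgramFiles 'Microsoft Security Essentials\MpCmdRun.exe'
    If (-not (Test-Path -LiteralPath $path))
    { Throw "MpCmdRun.exe not found at $path" }

    # -scantype 1 is a quick scan, 2 a full scan, as in the original script
    $mpArgs = Switch ($Action)
    {
        'UpdateSignature' { '-signatureUpdate' }
        'DefaultScan'     { '-scan' }
        'QuickScan'       { '-scan', '-scantype', '1' }
        'FullScan'        { '-scan', '-scantype', '2' }
    }
    & $path @mpArgs
    # MpCmdRun signals problems through its exit code; a scan that could not
    # run would otherwise look identical to one that ran clean
    If ($LASTEXITCODE -ne 0)
    { Write-Warning "MpCmdRun.exe $Action returned exit code $LASTEXITCODE" }
    New-Object PSObject -Property @{ Action = $Action; ExitCode = $LASTEXITCODE }
}

Function Get-AntimalwareResults
{
    Param([int]$Newest = 2)
    $ids = 1000, 1001, 2000, 2001
    # Pull a window of recent events, then keep only scan/update outcomes so a
    # chatty unrelated entry cannot push the scan result out of -Newest 2
    Get-EventLog -LogName System -Source 'Microsoft Antimalware' -Newest 50 |
        Where-Object { $ids -contains $_.EventID } |
        Select-Object -First $Newest -Property TimeWritten, EventID, Message
}

# Update first, then quick-scan, then show what the event log recorded
Invoke-MpCmdRun -Action UpdateSignature
Invoke-MpCmdRun -Action QuickScan
Get-AntimalwareResults -Newest 4 | Format-Table -Wrap -AutoSize
```

Run it from an elevated Windows PowerShell session, since MpCmdRun needs administrative rights to update signatures and start a scan.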
Because I used help tags when I was writing the script, you can receive command-line assistance from the Get-Help cmdlet. The help tags are shown here:
<#
.Synopsis
Runs Microsoft Security Essentials to scan or update anti-virus pattern
.Example
Invoke-SecurityEssentials.ps1 -UpdateSignature
Updates antivirus and malicious software pattern
.Example
Invoke-SecurityEssentials.ps1 -DefaultScan
Updates antivirus and malicious software pattern and performs default scan
.Example
Invoke-SecurityEssentials.ps1 -quickScan
Updates antivirus and malicious software pattern and performs a quick scan
.Example
Invoke-SecurityEssentials.ps1 -fullScan
Updates antivirus and malicious software pattern and performs a full scan
.Notes
NAME: Invoke-SecurityEssentials.ps1
AUTHOR: Ed Wilson
LASTEDIT: 4/30/2010
KEYWORDS: Windows PowerShell, Scripting Guy, security, antivirus, WES-5-16-10
.Link
Http://www.ScriptingGuys.com
Http://bit.ly/hsgblog
Http://bit.ly/WeekendScripter
#Requires -Version 2.0
#>
When you call the script with Get-Help, the output shown in the following image appears.
Well, that is about all there is to playing around with Microsoft Security Essentials and Windows PowerShell. If you want to know exactly what we will be looking at tomorrow, follow us on Twitter or FaceBook. If you have any questions, send e-mail to us at scripter@microsoft.com or post them on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson and Craig Liebendorfer, Scripting Guys