May 16th, 2010

Hey, Scripting Guy! Weekend Scripter: Scripting Microsoft Security Essentials

Bookmark and Share

Microsoft Scripting Guy Ed Wilson here. Today, I finally had time to do something I have been wanting to do for a long time: I played around with Microsoft Security Essentials (the free downloadable anti-malware program from Microsoft). When I say “played around with,” I mean I began to look at seeing what I could do from a scripting perspective. I think Microsoft Security Essentials is pretty cool, and I have even installed it on my mom’s computer, which should let you know that I think it is an awesome program. The fact that it is free is just icing on the cake.

I also have it installed on computers in my lab, and because those computers are not always turned on, it is inconvenient when I power them on to have to sit and wait while they download signature updates, do scans, and so on. I wanted the ability to update the virus signature from a script. If I could also launch a quick scan, that would be even better.

As it turns out, there is not an API for Microsoft Security Essentials; however, there is a command-line utility. When using Windows PowerShell, having a command-line utility available to you is just about as good as having an API. I came up with the Invoke-SecurityEssentials.ps1 script seen here to update signatures, and to kick off default scans, quick scans, and full scans.

Invoke-SecurityEssentials.ps1

<#
  .Synopsis
    Runs Microsoft Security Essentials to scan or update anti-virus pattern
   .Example
    Invoke-SecurityEssentials.ps1 -UpdateSignature
    Updates antivirus and malicious software pattern
   .Example
    Invoke-SecurityEssentials.ps1 -DefaultScan
    Updates antivirus and malicious software pattern and performs default scan
   .Example
    Invoke-SecurityEssentials.ps1 -quickScan
    Updates antivirus and malicious software pattern and performs a quick scan
   .Example
    Invoke-SecurityEssentials.ps1 -fullScan
    Updates antivirus and malicious software pattern and performs a full scan
   .Notes
    NAME:  Invoke-SecurityEssentials.ps1
    AUTHOR: Ed Wilson
    LASTEDIT: 4/30/2010
    KEYWORDS: Windows PowerShell, Scripting Guy, security, antivirus, WES-5-16-10
   .Link
     Http://www.ScriptingGuys.com
     Http://bit.ly/hsgblog
     Http://bit.ly/WeekendScripter
 #Requires -Version 2.0
 #>
Param(
 [switch]$updateSignature,
 [switch]$defaultScan,
 [switch]$quickScan,
 [switch]$fullScan
)

Function Invoke-SecurityEssentials
{
 Param($action)
 $path = “c:program filesmicrosoft security essentialsMPCMDRUN.EXE”
 Switch ($action)
  {
   $updateSignature { &$path -signatureUpdate }
   $defaultScan { &$path -scan }
   $quickScan { &$path -scan -scantype 1 }
   $fullScan { &$path -scan -scantype 2 }
  } #end switch
} #end function Invoke-SecurityEssentials

Function Get-Results
{
 Get-EventLog -LogName system -Source “Microsoft Anti-Malware” -Newest 2 |
 Format-Table -Property timewritten, message -Wrap -auto
} # end function Get-Results

# *** entry point to script ***
$quickScan = $true

If($updateSignature)
 { Invoke-SecurityEssentials -action $updateSignature ;  Exit }
If($defaultScan)
 { Invoke-SecurityEssentials -action $defaultScan ; Get-Results ; Exit }
If($quickScan)
 { Invoke-SecurityEssentials -action $quickScan ; Get-Results ; Exit }
If($fullScan)
 { Invoke-SecurityEssentials -action $fullScan ; Get-Results ; Exit }

The script itself uses command-line parameters to allow you to perform the different actions. An If statement looks for the command-line parameters and passes the appropriate action to the Invoke-SecurityEssentials function. This portion of the script is shown here:

# *** entry point to script ***

If($updateSignature)
 { Invoke-SecurityEssentials -action $updateSignature ;  Exit }
If($defaultScan)
 { Invoke-SecurityEssentials -action $defaultScan ; Get-Results ; Exit }
If($quickScan)
 { Invoke-SecurityEssentials -action $quickScan ; Get-Results ; Exit }
If($fullScan)
 { Invoke-SecurityEssentials -action $fullScan ; Get-Results ; Exit }

Inside the Invoke-SecurityEssentials function, a Switch statement is used to parse th e input action and choose the appropriate command line. This is shown here:

Param($action)
 $path = “c:program filesmicrosoft security essentialsMPCMDRUN.EXE”
 Switch ($action)
  {
   $updateSignature { &$path -signatureUpdate }
   $defaultScan { &$path -scan }
   $quickScan { &$path -scan -scantype 1 }
   $fullScan { &$path -scan -scantype 2 }
  } #end switch

After the appropriate command line has completed, control of the script returns to the calling code. When the function runs, no feedback is produced on the command line. The event log seen in the following image records the start time and the end time of the Security Essentials scan.

Image of event log that records start time and end time of scan

The Get-Results function is used to query for the two most recent events related to the antivirus program. This code is shown here:

Get-EventLog -LogName system -Source “Microsoft Antimalware” -Newest 2 |
Format-Table -Property timewritten, message -Wrap -auto

When the script has run, the results seen in the following image are displayed.

Image of results of script running

Because I used help tags when I was writing the script, you can receive command-line assistance from the Get-Help cmdlet. The help tags are shown here:

<#
  .Synopsis
    Runs Microsoft Security Essentials to scan or update anti-virus pattern
   .Example
    Invoke-SecurityEssentials.ps1 -UpdateSignature
    Updates antivirus and malicious software pattern
   .Example
    Invoke-SecurityEssentials.ps1 -DefaultScan
    Updates antivirus and malicious software pattern and performs default scan
   .Example
    Invoke-SecurityEssentials.ps1 -quickScan
    Updates antivirus and malicious software pattern and performs a quick scan
   .Example
    Invoke-SecurityEssentials.ps1 -fullScan
    Updates antivirus and malicious software pattern and performs a full scan
   .Notes
    NAME:  Invoke-SecurityEssentials.ps1
    AUTHOR: Ed Wilson
    LASTEDIT: 4/30/2010
    KEYWORDS: Windows PowerShell, Scripting Guy, security, antivirus, WES-5-16-10
   .Link
     Http://www.ScriptingGuys.com
     Http://bit.ly/hsgblog
     Http://bit.ly/WeekendScripter
 #Requires -Version 2.0
 #>

When you call the script with Get-Help, the output shown in the following image appears.

Image of output of calling script with Get-Help

 

Well, that is about all there is to playing around with Microsoft Security Essentials and Windows PowerShell. If you want to know exactly what we will be looking at tomorrow, follow us on Twitter or FaceBook. If you have any questions, send e-mail to us at scripter@microsoft.com or post them on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

 

Ed Wilson and Craig Liebendorfer, Scripting Guys

 

Author

0 comments

Discussion are closed.

Feedback