{"id":49793,"date":"2010-05-16T00:01:00","date_gmt":"2010-05-16T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2010\/05\/16\/hey-scripting-guy-weekend-scripter-scripting-microsoft-security-essentials\/"},"modified":"2010-05-16T00:01:00","modified_gmt":"2010-05-16T00:01:00","slug":"hey-scripting-guy-weekend-scripter-scripting-microsoft-security-essentials","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/hey-scripting-guy-weekend-scripter-scripting-microsoft-security-essentials\/","title":{"rendered":"Hey, Scripting Guy! Weekend Scripter: Scripting Microsoft Security Essentials"},"content":{"rendered":"

\"Bookmark<\/p>\n

Microsoft Scripting Guy Ed Wilson here. Today, I finally had time to do something I have been wanting to do for a long time: I played around with Microsoft Security Essentials<\/font><\/a> (the free downloadable anti-malware program from Microsoft). When I say “played around with,” I mean I began to look at seeing what I could do from a scripting perspective. I think Microsoft Security Essentials is pretty cool, and I have even installed it on my mom’s computer, which should let you know that I think it is an awesome program. The fact that it is free is just icing on the cake. <\/p>\n

I also have it installed on computers in my lab, and because those computers are not always turned on, it is inconvenient when I power them on to have to sit and wait while they download signature updates, do scans, and so on. I wanted the ability to update the virus signature from a script. If I could also launch a quick scan, that would be even better. <\/p>\n

As it turns out, there is not an API for Microsoft Security Essentials; however, there is a command-line utility. When using Windows PowerShell<\/a>, having a command-line utility available to you is just about as good as having an API. I came up with the Invoke-SecurityEssentials.ps1 script seen here to update signatures, and to kick off default scans, quick scans, and full scans. <\/p>\n

Invoke-SecurityEssentials.ps1<\/p>\n

<\/strong><\/p>\n

<#
  <\/span>.Synopsis
    <\/span>Runs Microsoft Security Essentials to scan or update anti-virus pattern
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -UpdateSignature
    <\/span>Updates antivirus and malicious software pattern
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -DefaultScan
    <\/span>Updates antivirus and malicious software pattern and performs default scan
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -quickScan
    <\/span>Updates antivirus and malicious software pattern and performs a quick scan
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -fullScan
    <\/span>Updates antivirus and malicious software pattern and performs a full scan
   <\/span>.Notes
    <\/span>NAME:  <\/span>Invoke-SecurityEssentials.ps1
    <\/span>AUTHOR: Ed Wilson
    <\/span>LASTEDIT: 4\/30\/2010
    <\/span>KEYWORDS: Windows PowerShell, Scripting Guy, security, antivirus, WES-5-16-10
   <\/span>.Link
     <\/span>Http:\/\/www.ScriptingGuys.com
     <\/span>Http:\/\/bit.ly\/hsgblog
     <\/span>Http:\/\/bit.ly\/WeekendScripter
 <\/span>#Requires -Version 2.0
 <\/span>#>
Param(
 <\/span>[switch]$updateSignature,
 <\/span>[switch]$defaultScan,
 <\/span>[switch]$quickScan,
 <\/span>[switch]$fullScan
)<\/p>\n

Function Invoke-SecurityEssentials
{
 <\/span>Param($action)
 <\/span>$path = “c:program filesmicrosoft security essentialsMPCMDRUN.EXE”
 <\/span>Switch ($action)
  <\/span>{
   <\/span>$updateSignature { &$path -signatureUpdate }
   <\/span>$defaultScan { &$path -scan }
   <\/span>$quickScan { &$path -scan -scantype 1 }
   <\/span>$fullScan { &$path -scan -scantype 2 }
  <\/span>} #end switch
} #end function Invoke-SecurityEssentials<\/p>\n

Function Get-Results
{
 <\/span>Get-EventLog -LogName system -Source “Microsoft Anti-Malware” -Newest 2 |
 <\/span>Format-Table -Property timewritten, message -Wrap -auto
} # end function Get-Results<\/p>\n

# *** entry point to script ***
$quickScan = $true<\/p>\n

If($updateSignature)
 <\/span>{ Invoke-SecurityEssentials -action $updateSignature ;  <\/span>Exit }
If($defaultScan)
 <\/span>{ Invoke-SecurityEssentials -action $defaultScan ; Get-Results ; Exit }
If($quickScan)
 <\/span>{ Invoke-SecurityEssentials -action $quickScan ; Get-Results ; Exit }
If($fullScan)
 <\/span>{ Invoke-SecurityEssentials -action $fullScan ; Get-Results ; Exit }<\/p>\n

<\/font><\/font><\/p>\n

The script itself uses command-line parameters to allow you to perform the different actions. An If<\/b> statement looks for the command-line parameters and passes the appropriate action to the Invoke-SecurityEssentials<\/b> function. This portion of the script is shown here:<\/p>\n

# *** entry point to script ***<\/p>\n

If($updateSignature)
 <\/span>{ Invoke-SecurityEssentials -action $updateSignature ;  <\/span>Exit }
If($defaultScan)
 <\/span>{ Invoke-SecurityEssentials -action $defaultScan ; Get-Results ; Exit }
If($quickScan)
 <\/span>{ Invoke-SecurityEssentials -action $quickScan ; Get-Results ; Exit }
If($fullScan)
 <\/span>{ Invoke-SecurityEssentials -action $fullScan ; Get-Results ; Exit }<\/p>\n

<\/font><\/font><\/p>\n

Inside the Invoke-SecurityEssentials<\/b> function, a Switch<\/b> statement is used to parse th\ne input action and choose the appropriate command line. This is shown here:<\/p>\n

Param($action)
 <\/span>$path = “c:program filesmicrosoft security essentialsMPCMDRUN.EXE”
 <\/span>Switch ($action)
  <\/span>{
   <\/span>$updateSignature { &$path -signatureUpdate }
   <\/span>$defaultScan { &$path -scan }
   <\/span>$quickScan { &$path -scan -scantype 1 }
   <\/span>$fullScan { &$path -scan -scantype 2 }
  <\/span>} #end switch<\/p>\n

<\/font><\/font><\/p>\n

After the appropriate command line has completed, control of the script returns to the calling code. When the function runs, no feedback is produced on the command line. The event log seen in the following image records the start time and the end time of the Security Essentials scan. <\/p>\n

\"Image<\/span><\/p>\n

The Get-Results<\/b> function is used to query for the two most recent events related to the antivirus program. This code is shown here:<\/p>\n

Get-EventLog -LogName system -Source “Microsoft Antimalware” -Newest 2 |
Format-Table -Property timewritten, message -Wrap -auto<\/p>\n

<\/font><\/font><\/p>\n

When the script has run, the results seen in the following image are displayed. <\/p>\n

\"Image<\/span><\/p>\n

Because I used help tags when I was writing the script, you can receive command-line assistance from the Get-Help<\/b> cmdlet. The help tags are shown here:<\/p>\n

<#
  <\/span>.Synopsis
    <\/span>Runs Microsoft Security Essentials to scan or update anti-virus pattern
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -UpdateSignature
    <\/span>Updates antivirus and malicious software pattern
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -DefaultScan
    <\/span>Updates antivirus and malicious software pattern and performs default scan
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -quickScan
    <\/span>Updates antivirus and malicious software pattern and performs a quick scan
   <\/span>.Example
    <\/span>Invoke-SecurityEssentials.ps1 -fullScan
    <\/span>Updates antivirus and malicious software pattern and performs a full scan
   <\/span>.Notes
    <\/span>NAME:  <\/span>Invoke-SecurityEssentials.ps1
    <\/span>AUTHOR: Ed Wilson
    <\/span>LASTEDIT: 4\/30\/2010
    <\/span>KEYWORDS: Windows PowerShell, Scripting Guy, security, antivirus, WES-5-16-10
   <\/span>.Link
     <\/span>Http:\/\/www.ScriptingGuys.com
     <\/span>Http:\/\/bit.ly\/hsgblog
     <\/span>Http:\/\/bit.ly\/WeekendScripter
 <\/span>#Requires -Version 2.0
 <\/span>#><\/p>\n

<\/font><\/font><\/p>\n

When you call the script with Get-Help<\/b>, the output shown in the following image appears. <\/p>\n

\"Image<\/span><\/p>\n

\n

 <\/p>\n<\/p>\n

Well, that is about all there is to playing around with Microsoft Security Essentials and Windows PowerShell. If you want to know exactly what we will be looking at tomorrow, follow us on Twitter<\/a> or FaceBook<\/a>. If you have any questions, send e-mail to us at scripter@microsoft.com<\/font><\/a> or post them on the Official Scripting Guys Forum<\/font><\/a>. See you tomorrow. Until then, peace.<\/p>\n

<\/p>\n

 <\/p>\n

<\/span><\/p>\n

Ed Wilson and Craig Liebendorfer, Scripting Guys<\/span><\/b><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft Scripting Guy Ed Wilson here. Today, I finally had time to do something I have been wanting to do for a long time: I played around with Microsoft Security Essentials (the free downloadable anti-malware program from Microsoft). When I say “played around with,” I mean I began to look at seeing what I could […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[143,3,63,61,45],"class_list":["post-49793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-antivirus","tag-scripting-guy","tag-security","tag-weekend-scripter","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Microsoft Scripting Guy Ed Wilson here. Today, I finally had time to do something I have been wanting to do for a long time: I played around with Microsoft Security Essentials (the free downloadable anti-malware program from Microsoft). When I say “played around with,” I mean I began to look at seeing what I could […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/49793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=49793"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/49793\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=49793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=49793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=49793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}