Solved: Guest VMs Antivirus Status

vin01 · ‎04-19-2018

Hi

I need to find the McAfee installed status on 6000 windows VM's. The problem is these are not reporting to McAfee EPO Server. I need to check is AV is installed or not.

The only way is I can invoke to each machine as i know the administrator password. My thought is to check the McAfee folder is available or not in each machine(Suggest me is there any best way to find antivirus status either by registry check ) by using below script but its not showing results as expected.

Using Try-Catch with any of one correct password it should write the VMName and McAfee folder name in csv file if AV is installed. But in csv VMname is in 3rd row as it should be in 1st row and no result for out1,2,3 or 4

$script = @' 
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
  Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
  exit
} 
$report=if([environment]::Is64BitProcess -eq "True"){
Get-Item -Path "C:\Program Files (x86)\McAfee\" |select name
}
else {
Get-Item -Path 'C:\Program Files\McAfee' |select Name
}
$report.name
'@ 
 $obj = foreach($vm in Get-VM "VVM-523", "VVM-524" ,"VVM-501_1A" ,"VVM-701") {  
  $out1 = ""
  $out2 = ""
  $out3 = ""
  $out4 = ""
  $found = $false 
  try{  
    $out1 = Invoke-VMScript -VM $vm.name -GuestUser "administrator" -GuestPassword "password1"  -ScriptText $script -ScriptType Powershell -ErrorAction Stop | Select -ExpandProperty ScriptOutput 
    $found = $true 
  }  
  catch [VMware.VimAutomation.ViCore.Types.V1.ErrorHandling.InvalidGuestLogin]{  
    $out1 = "Invalid logon"  
  }  
  catch{  
    $out1 = "any other output"  
  }  
  if(!$found) { 
    try{  
      $out2 = Invoke-VMScript -VM $vm.name -GuestUser "administrator" -GuestPassword "password2"  -ScriptText $script -ScriptType Powershell -ErrorAction Stop | Select -ExpandProperty ScriptOutput 
      $found = $true 
    }  
    catch [VMware.VimAutomation.ViCore.Types.V1.ErrorHandling.InvalidGuestLogin]{  
      $out2 = "Invalid logon"  
    }  
    catch{  
      $out2 = "any other output"  
    }  
  } 
  if(!$found){ 
    try{  
      $out3 = Invoke-VMScript -VM $vm.name -GuestUser "administrator" -GuestPassword "password4"  -ScriptText $script -ScriptType Powershell -ErrorAction Stop | Select -ExpandProperty ScriptOutput 
      $found = $true 
    }  
    catch [VMware.VimAutomation.ViCore.Types.V1.ErrorHandling.InvalidGuestLogin]{  
      $out3 = "Invalid logon"  
    }  
    catch{  
      $out3 = "any other output"  
    } 
  }
  if(!$found){ 
    try{  
      $out4 = Invoke-VMScript -VM $vm.name -GuestUser "admin" -GuestPassword "password3"  -ScriptText $script -ScriptType Powershell -ErrorAction Stop | Select -ExpandProperty ScriptOutput 
      $found = $true 
    }  
    catch [VMware.VimAutomation.ViCore.Types.V1.ErrorHandling.InvalidGuestLogin]{  
      $out4 = "Invalid logon"  
    }  
    catch{  
      $out4 = "any other output"  
    } 
  }
  New-Object PSObject -Property @{
    Name = $vm.Name
    Out1 = $out1
    Out2 = $out2
    Out3 = $out3
    Out4 = $out4
  } 
} 
$obj

Output:

Regards Vineeth.K

LucD · ‎04-20-2018

My bad, that should be

$script = @'

$text = Get-Service -Name *McAfee* | Select -first 1 | %{"$($_.Name) is $($_.Status)"}

if(-not $text){

$text = Get-Service -Name wuauserv | Select -first 1 | %{"$($_.Name) is $($_.Status)"}

}

$text

'@

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

LucD · ‎04-19-2018

I'm afraid some line of your script are cut off, perhaps you could attach the script as a file attachment?

Not sure why you need to run the script inside the guest OS elevated, just to check for the existence of a folder.

And wouldn't it be more meaningful to check if the McAfee services are running (Get-Service)?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

vin01 · ‎04-19-2018

Hello LucD,

Script attached.

OK. I will remove the lines to open powershell as elevated in $script. Yeah thanks for your suggestion even my thought is to use (get-service). Can you please correct the script to get service name and its status. one note as i mentioned in 6000 vms there and some of windows xp,7 & 10, So I found there are multiple services with name McAfee in machines. I need any of the one service with its status.

For windows 2k8 and 2012 & 2016 the common service name is --McAfee McShield (Display Name)

For win7,10 the common service name is -- McAfee Agent Service (Display Name)

or if we go with wildcard as (McAfee* and do select -First 1 is also OK.

Regards Vineeth.K

LucD · ‎04-19-2018

You would only need to change the script that you in the guest OS.

$script = @'

Get-Service -Name *McAfee* | Select -first 1 | %{"$($_.Name) is $($_.Status)"}

'@

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

vin01 · ‎04-19-2018

yes it is showing the output. One more correction why the output is not showing in a order, Like First VMname|Out1|OUT2|OUT3|Out4 .It would be helpful while sorting.

Output is like below jumbled. Is it possible to correct

Regards Vineeth.K

LucD · ‎04-19-2018

Try replacing the New-Object lines with this

New-Object PSObject -Property (

[ordered]@{

Name = $vm.Name

Out1 = $out1

Out2 = $out2

Out3 = $out3

Out4 = $out4

})

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

vin01 · ‎04-19-2018

Thanks This is working as expected

Regards Vineeth.K

vin01 · ‎04-19-2018

While executing this on multiple VM's I thought there need to be a small correction.

The main concept of the script is to check McAfee service so if the vm doesn't have AV installed the cells in csv related to that name will be blank so rather keeping blank i need to check some other service in that vm like (Windows Update service which is common on all the versions of windows) this will give a clear info that the invoke is done using one of the four password mentioned above and found there is no McAfee Service.

I am thinking If condition will be helpful here can you rewrite by adding if condition in the $script.

Regards Vineeth.K

LucD · ‎04-19-2018

Something like this?

$script = @'

$text = Get-Service -Name *McAfee* | Select -first 1 | %{"$($_.Name) is $($_.Status)"}

if(-not $text){

Get-Service -Name wuauserv | Select -first 1 | %{"$($_.Name) is $($_.Status)"}

}

'@

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

vin01 · ‎04-19-2018

Yes exactly I am looking same as like this. But after replacing as below now its not writing the vms where McAfee is installed. Is anything wrong I placed.

$script = @'
$text = Get-Service -Name *McAfee* | Select -first 1 | %{"$($_.Name) is $($_.Status)"}
if(-not $text){
    Get-Service -Name wuauserv | Select -first 1 | %{"$($_.Name) is $($_.Status)"}
}
'@

Output:

No output for 1st,2nd,3rd vm but AV is running on these VMs

Regards Vineeth.K

LucD · ‎04-20-2018

My bad, that should be

$script = @'

$text = Get-Service -Name *McAfee* | Select -first 1 | %{"$($_.Name) is $($_.Status)"}

if(-not $text){

$text = Get-Service -Name wuauserv | Select -first 1 | %{"$($_.Name) is $($_.Status)"}

}

$text

'@

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

vin01 · ‎04-20-2018

Yeah I have changed and started executing on all the VM's.

Thanks Guru for Supporting . Its a long time started scripting on vSphere Environment. I may keep on posting a lot on invoke-VM cmdlet.

Regards Vineeth.K

All

Guest VMs Antivirus Status