Scripting

PowerShell Script to Check Symantec Endpoint Protection Definition Updates


Symantec Endpoint Protection has quite a hold on the anti-virus market share. Many people have environments where it’s used but are not the SEP administrators, or can’t even view data from the Symantec Endpoint Protection Manager. In light of that, I’ve written a PowerShell script to check the last update time of the SEP definitions; it can either be run manually or set up as a scheduled task.

  • Check if Symantec Endpoint Protection is installed. If not, exit.
  • Check the last write date of the AV definitions and compare it to the current time minus 7 days.
  • Write to the event log whether the definitions are current or not.
  • Send an email if the definitions are out of date.

*Things to Note*

  • As it stands, in each of the “if ($writetime” blocks there is a “write-host”. If you plan on running this as a scheduled task you’ll want to remove or comment out those lines.
  • I will also be writing this as a SCOM management pack, and an SCCM Compliance Item.

###################################################################
## Check Symantec Endpoint Protection Antivirus Definition Dates ##
## v1.1                                                          ##
## Matt Hansen // 01-06-2017                                     ##
###################################################################

# Set variables
$hostname = hostname
$7daysago = (Get-Date).AddDays(-7)
$key      = 'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs'
$source   = 'Symantec Antivirus'   # event log source used for both events below

# Test for the registry key path and execute if necessary
if (Test-Path -Path $key)
{
    # DEFWATCH_10 holds the folder that contains the current definition set
    $path      = (Get-ItemProperty -Path $key -Name DEFWATCH_10).DEFWATCH_10
    $writetime = (Get-Item -Path $path).LastWriteTime
    #Write-Host "Seven days ago was $7daysago. Defs were last written at $writetime"

    # Write-EventLog fails if the source is not registered, so register it once
    if (-not [System.Diagnostics.EventLog]::SourceExists($source))
    {
        New-EventLog -LogName 'Application' -Source $source
    }

    if ($writetime -lt $7daysago)
    {
        Write-Host "You have old defs"
        Write-EventLog -LogName 'Application' -Source $source -EventId 7076 -EntryType Warning -Message "Symantec Definitions are older than 7 days. Last update time was $writetime"
        $notify = "yes"
    }
    else
    {
        Write-Host "You have current defs"
        Write-EventLog -LogName 'Application' -Source $source -EventId 7077 -EntryType Information -Message "Symantec Definitions are current within 7 days. Last update time was $writetime"
        $notify = "no"
    }

    # Email notify
    if ($notify -eq "yes")
    {
        $param = @{
            SmtpServer = "smtpserver.company.local"
            Port       = 25
            UseSsl     = $false
            #Credential = (Get-Credential)
            From       = "SymantecDefChecks@company.local"
            To         = "administrator@company.local"
            Subject    = "Symantec Definitions Out-of-Date on $hostname"
            Body       = "Symantec Definitions are older than 7 days. Last update time was $writetime on $hostname"
        }
        Send-MailMessage @param
        #Write-Host "Email Sent"
    }
}
else
{
    Write-Host "Not installed"
}

I hope this makes your day at least a little bit easier.

Thanks,


Powershell Script to check if SQL is Installed


Here we go, short but sweet. I had to come up with this today while working on a SQL Server compliance item in SCCM 2012 that uses a script detection method. I’ve added the else back in, but you can modify it however you need.

if (Test-Path "HKLM:\Software\Microsoft\Microsoft SQL Server\Instance Names\SQL") {
    Write-Host "True"
} else {
    Write-Host "False"
}


I hope I’ve made your day, at least a little bit easier!

Powershell command to show names of all machines in SCOM


Simple one-liner, very helpful though!

Import-Module OperationsManager; Get-SCOMGroup -DisplayName "All Windows Computers" | Get-SCOMClassInstance | Sort-Object DisplayName | Format-Table DisplayName

 

This outputs just the names of all machines in the “All Windows Computers” group; change that group name to output the machine names of any other group.

Powershell Script to Test SMTP


This one is going to be short and sweet. I’ve been testing SMTP with and without encryption and wanted a good script for that.

Here are the lines that you’ll want to look at configuring:

  • Line 5: $smtpServer = "InsertYourSmtpServerHere"
  • Line 12: Change the $false value to $true if you want to encrypt your SMTP with SSL
  • Line 13: If you’re using a non-default SMTP port, change the “25” to whatever you’re using
  • Line 15: Only change this if you need to enter credentials for authentication
  • Line 18/19: Change these to who you want to say the email is from, and to whom it is being delivered.
  • Line 21: Change this to whatever you want your email title to be
  • Line 25: Change this to say whatever you want the body of the email to say

 

There are also some Write-Host calls in there that print the values being used, and whether or not the test succeeded, to the PowerShell console.

https://gallery.technet.microsoft.com/Powershell-SMTP-Test-Tool-621b07ae


Config File Iteration Backup – Change Checking Config Files


In a lot of environments where developers work with many config files, it would be nice to keep older versions of those files. Fortunately Microsoft has graced us with shadow copies, so we can have “Previous Versions”. The only issue is that (as far as I know) you can’t turn on shadow copies for specific files. So I wrote a PowerShell script to take care of that, in a round-about way.

What this script does is wait until the file has been modified, then copy it to an “archive” location and time stamp the copy so you can review older versions.

At the beginning of this script there are two arrays that hold the full paths to the files. “$OriginalPath” is the array that holds the full path to each file you want to watch. In the script here the two files I’m watching are “C:\configs\config1.txt” and “C:\configs\config2.txt”. The second array holds where you want to archive the files to. In the script here it’s “C:\archive_configs\config1.txt” and “C:\archive_configs\config2.txt”.


After the arrays are initialised, the script takes the current time minus one minute and compares the last write time of each file in question to it. If the file has been modified since then, it copies the file to the archive location and appends a time stamp to the name. It then loops back through for any further files in the array.

[Screenshot: archive_stamped]


What I’ve done is put this in Task Scheduler to run every 1 minute. If you want to modify that, take the line:

$1MinAgo = (get-date).AddMinutes(-1)

and both the “Minutes” portion and the “(-1)” value can be modified.
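The loop described above, written out as an added example (this is not the script from the gallery link). The two arrays are the paths from the post; the copy is stamped with the file’s own last write time rather than the current time, so a second run inside the same minute does not archive the same revision twice.

```powershell
# Added example, not the author's gallery script. Paths are the placeholders from the post.
$OriginalPath = @('C:\configs\config1.txt', 'C:\configs\config2.txt')
$ArchivePath  = @('C:\archive_configs\config1.txt', 'C:\archive_configs\config2.txt')
$1MinAgo      = (Get-Date).AddMinutes(-1)   # widen this if the task runs less often

for ($i = 0; $i -lt $OriginalPath.Count; $i++) {
    $source = $OriginalPath[$i]
    if (-not (Test-Path -Path $source)) {
        Write-Warning "Source file not found: $source"
        continue
    }

    $item = Get-Item -Path $source
    if ($item.LastWriteTime -lt $1MinAgo) { continue }   # unchanged since the last run

    # Make sure the archive folder exists
    $archiveDir = Split-Path -Path $ArchivePath[$i] -Parent
    if (-not (Test-Path -Path $archiveDir)) {
        New-Item -ItemType Directory -Path $archiveDir | Out-Null
    }

    # Build e.g. config1_2017-01-06_14-35-02.txt from the file's own modification time
    $stamp = $item.LastWriteTime.ToString('yyyy-MM-dd_HH-mm-ss')
    $leaf  = [System.IO.Path]::GetFileNameWithoutExtension($ArchivePath[$i])
    $ext   = [System.IO.Path]::GetExtension($ArchivePath[$i])
    $dest  = Join-Path -Path $archiveDir -ChildPath "${leaf}_$stamp$ext"

    if (Test-Path -Path $dest) { continue }   # this revision was already archived
    Copy-Item -Path $source -Destination $dest
    Write-Output "Archived $source -> $dest"
}
```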

https://gallery.technet.microsoft.com/Config-File-Iteration-ab2a69df


I hope I’ve made your day a little bit easier!


Quick n’ Dirty Network Graph in Powershell


This will be very short, sweet and to the point.

I was on a project recently where I was unable to access (and therefore monitor) any of the networking equipment and the WAN links thereof. Noticing that the issues that were occurring were due to a network problem I spoke with the folks who ran that particular network — they were no help. They gave me as little information as possible and punted the issue back to me saying it was a server problem. So here I am, no access to the network equipment, can’t monitor or log the WAN links, workstation in branch office having intermittent issues reaching the server in the main office. Enter powershell.


#-----Start-----
do {

    # Ping google.com, keep only the response time, stamp each row with the current
    # time and append it to a CSV that Excel can open directly. A failed ping
    # produces no row, so gaps in the file mark periods with no reply.
    Test-Connection google.com -ErrorAction SilentlyContinue |
        Select-Object @{Name = 'Time'; Expression = { Get-Date }}, ResponseTime |
        Export-Csv -Path pingoutput.csv -Append -NoTypeInformation

    # Sleep for 10 seconds
    Start-Sleep -s 10

    # Set the Time variable for the end while condition
    $Time = (Get-Date).Hour

}

# Loop end condition: keep going while the hour is 17 or less, i.e. stop once the 5pm hour has passed (24 hour clock)
while ($Time -le 17)
#-----End-----

The comments in the script state how it works and what each line does. After 5pm (the while loop end condition) you can grab that output .csv file and pull it into Excel. Once there, select your data and you’ve got yourself a nice little graph of network latency in milliseconds over the course of the day.

[Screenshot: network_latency]


As you can tell there were some problems with this particular link.


There ya go!