Photo by Digital Buggu on Pexels.com

Purpose

It is crucial to have Antivirus definitions updated on your home computer or servers. But these antivirus clients stop working every now & then.

Most of the organization would have a separate team monitoring antiviruses but It is the responsibility of service owner to monitor their own servers as well. This script will help you there.

I had a script collected from somewhere few years back, I re-purposed it to look for CB Defense Antivirus Definition, You can use this script and it’s concept to find antivirus version for many different type of server.

Script

You can either download it from One Drive Link or paste content of respective content to CarbonBlackDefinition.ps1 & Server.txt

Obviously, type your server names in server.txt.

GitHub Link

https://github.com/jhasaurab/learntechfuture/tree/master/CarbonBlack

OR

You copy content of script here. There are only 2 files, Save them in CB folder on your desktop and name them as above screenshot.

CarbonBlackDefinition.ps1

$report = "CarbonBlack.htm" 
Function writeHtmlHeader  
{  
param($fileName)  
$date = ( get-date ).ToString('yyyy/MM/dd')  
Add-Content $fileName "<html>" 
Add-Content $fileName "<head>" 
Add-Content $fileName "<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>" 
Add-Content $fileName '<title>CarbonBlack Antivirus Report</title>' 
add-content $fileName '<STYLE TYPE="text/css">' 
add-content $fileName  "<!--" 
add-content $fileName  "td {" 
add-content $fileName  "font-family: Tahoma;" 
add-content $fileName  "font-size: 11px;" 
add-content $fileName  "border-top: 1px solid #999999;" 
add-content $fileName  "border-right: 1px solid #999999;" 
add-content $fileName  "border-bottom: 1px solid #999999;" 
add-content $fileName  "border-left: 1px solid #999999;" 
add-content $fileName  "padding-top: 0px;" 
add-content $fileName  "padding-right: 0px;" 
add-content $fileName  "padding-bottom: 0px;" 
add-content $fileName  "padding-left: 0px;" 
add-content $fileName  "}" 
add-content $fileName  "body {" 
add-content $fileName  "margin-left: 5px;" 
add-content $fileName  "margin-top: 5px;" 
add-content $fileName  "margin-right: 0px;" 
add-content $fileName  "margin-bottom: 10px;"
add-content $fileName  "" 
add-content $fileName  "table {" 
add-content $fileName  "border: thin solid #000000;" 
add-content $fileName  "}" 
add-content $fileName  "-->" 
add-content $fileName  "</style>" 
Add-Content $fileName "</head>" 
Add-Content $fileName "<body>" 
add-content $fileName  "<table width='85%'>" 
add-content $fileName  "<tr bgcolor='#CCCCCC'>" 
add-content $fileName  "<td colspan='7' height='25' align='center'>" 
add-content $fileName  "<font face='Tahoma' color='#003399' size='4'><strong>CarbonBlack Antivirus Report - $date</strong></font>" 
add-content $fileName  "</td>" 
add-content $fileName  "</tr>" 
add-content $fileName  "</table>" 
}

writeHtmlHeader $report

#Declaring the variable for Header's backgroundcolor
$color = '#5D86B0'


# Function to write the HTML Header to the file 

Function writeTableHeader1 
{  
param($fileName)
add-Content $fileName "<table width ='85%'>"
Add-Content $fileName "<tr bgcolor= $color>" 
add-content $fileName "<td width='10%' align='center'><strong>ServerName</strong></td>"

add-content $fileName "<td width='10%' align='center'><strong>CBDefenseAvLastUpdate</strong></td>" 
Add-Content $fileName "</tr>"
}  
writetableheader1 $report

$File = get-content "$Home\Desktop\CB\servers.txt"
foreach ($line in $file)
{

$ServerName = $line

#Continue the script even if an error happens
 trap [Exception] {continue}
 
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$ServerName)
$DefsReg = "SYSTEM\CurrentControlSet\Services\CbDefense\Scanner"

# Obtain Pattern File Date Value
 
$AVRegKey = $reg.opensubkey($DefsReg)
$AVPatternFileDate = $AVRegKey.GetValue('SnaiUpdateTime')
  
# Convert epoch to readable date
$origin = New-Object -Type DateTime -ArgumentList 1970, 1, 1, 0, 0, 0, 0
$CBDefenseAvLastUpdate = $origin.AddSeconds($AVPatternFileDate)

$a = "<style>"
$a = $a + "BODY{background-color:peachpuff;}"
$a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
$a = $a + "TH{border-width: 1px;padding: 0px;border-style: solid;border-color: black;}"
$a = $a + "TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;}"
$a = $a + "</style>"

$MYObject = “” | Select-Object ServerName, CBDefenseAvLastUpdate
$MYObject.ServerName = $ServerName
$MYObject.CBDefenseAvLastUpdate = $CBDefenseAvLastUpdate
$MYObject

Add-Content $report "<td bgcolor = '#C0C0C0' align='center'>$ServerName</td>"
Add-Content $report "<td bgcolor = '#C0C0C0' align='center'>$CBDefenseAvLastUpdate</td>"
Add-Content $report "</tr>"

 }

Function writeHtmlFooter  
{  
 param($fileName)  
 Add-Content $fileName "</body>" 
 Add-Content $fileName "</html>" 
 }  
writeHtmlFooter $report

Servers.txt

DB90-FLSRV-001
DB90-FLSRV-002
DB89-FLSRV-001
DB89-FLSRV-002
DB80-FLSRV-001
DB89-SQL-001
DB90-SQL-001
DB89-DC-001
DB90-DC-001

Output of script

Output will be written to CarbonBlack.htm file. You can send this via email or push this to sharepoint or internal portal.

Thank you for reading !