This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos - Antivirus last update tacker Script -Powershell

I have been tasked with compiling a list which contains the version and last successful auto update for all the machines on the domain.

I understand this would be much easier if I used the Sophos enterprise console but unfortunately this is not a resource that is available to me at this time.

So far I have created a PowerShell script which currently gives me back the current Sophos version, computer name, and the exe file. However I am now struggling to find a way to also display the date and time of the last successful auto update. the domain is set up to auto update every 10 minuets.

PowerShell Script :

function Get-AntiVirusProduct {
[CmdletBinding()]
param (
[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
[Alias('name')]
$computername=$env:computername

)

$AntiVirusProduct = Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct  -ComputerName $computername

#Create hash-table for each computer
$ht = @{}
$ht.'Computername' = $computername
$ht.Name = $AntiVirusProduct.displayName
$ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe
$ht.'Version' = [System.Diagnostics.FileVersionInfo]::GetVersionInfo   ("C:\Program Files (x86)\Sophos\AutoUpdate\ALUpdate.exe").FileVersion



#Create a new object for each computer
New-Object -TypeName PSObject -Property $ht 

} 
Get-AntiVirusProduct

I have done some research and seen where a K100 script has been used to query the auto update file but I am not sure if this would be applicable for my solution.

FileExists(C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe) AND ShellCommandTextReturn(cmd /q /c powershell.exe -command "$f=[DATETIME] '01/01/1970 00:00:00'; $f.AddSeconds((Get-ItemProperty -Path 'REGISTRY::HKLM\SOFTWARE\Sophos\AutoUpdate\UpdateStatus' LastUpdateTime).LastUpdateTime) | ForEach-Object {'{0:yyyy}-{0:MM}-{0:dd} {0:HH}:{0:mm}:{0:ss}' -f ($_.AddHours(-0))}")

The module which the update runs to is ALUpdate.exe

would appreciate any help or suggestions.



This thread was automatically locked due to age.
Parents Reply Children
No Data