I just released this script on the script center of technet gallery : http://gallery.technet.microsoft.com/scriptcenter/Check-End-Point-Protection-875ffdc6
Here is the description :
Sometimes you need to check if antivirus is enable or not on AD Computers/Servers. You can do it by your monitoring application, but this script can be useful to check daily your infrastructure. So this script will display for each AD Computers (you can modify the query for specific OU) :
AntiSpyware : True for enabled / Nothing for Disabled or Not installed
Last Updated AntiSpyware Signature : The last update for spyware definitions
AntiVirus : True for enabled / Nothing for Disabled or Not installed
Last Updated Antivirus : The last update for antivirus definitions
Here is the script :
#REQUIRES -Version 2.0 <# .SYNOPSIS Check the client status of End Point Protection for AD Computers .DESCRIPTION Create a schedule task to run daily this script. It will retrieve informations about End Point Protection for AD Computers and send the result by email. .NOTES NAME: Check_EPM_Status.ps1 AUTHOR: PRIGENT Nicolas [www.get-cmd.com] v1.0 - 06/28/2014 - N.PRIGENT : Creation .LINK Script posted over : www.get-cmd.com .EXAMPLE Just run ./Check_EPM_Status.ps1 If you don't have EPM on a computer, errors will appear in the powershell console. #> # Variables : Modify this query for a specific OU $ADComputers = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | Select -Expand DNSHostName $tab = @() ### $a = @' <!--mce:0--> '@ ### # for each computer, get the DNS Host Name foreach ($Comp in $ADComputers) { # Reset variables $objet = new-object Psobject # New powershell session $session = New-PSSession -ComputerName $Comp # Import module EPM $ImportMod = {Import-Module “$env:ProgramFiles\Microsoft Security Client\MpProvider”} # Display informations $AntiSpy = {Get-MProtComputerStatus | Select -Expand AntispywareEnabled} $AntiSpyLastUp = {Get-MProtComputerStatus | Select -Expand AntispywareSignatureLastUpdated} $AntiVir = {Get-MProtComputerStatus | Select -Expand AntivirusEnabled} $AntiVirLastUp = {Get-MProtComputerStatus | Select -Expand AntivirusSignatureLastUpdated} $Imp = Invoke-Command -session $session -scriptblock $ImportMod $spy = Invoke-Command -session $session -scriptblock $AntiSpy $spyUp = Invoke-Command -session $session -scriptblock $AntiSpyLastUp $vir = Invoke-Command -session $session -scriptblock $AntiVir $virUp = Invoke-Command -session $session -scriptblock $AntiVirLastUp $objet | Add-member -Name "Server name" -Membertype "Noteproperty" -Value $Comp $objet | Add-member -Name "Status of AntiSpyware" -Membertype "Noteproperty" -Value $spy $objet | Add-member -Name "Last updated AntiSpyware Signature" -Membertype "Noteproperty" -Value $spyUp $objet | Add-member -Name "Status of AntiVirus" -Membertype "Noteproperty" -Value $vir $objet | Add-member -Name "Last updated AntiVirus Signature" -Membertype "Noteproperty" -Value $virUp $tab += $objet Exit-PSSession } # sort the table $tab = $tab | Sort-Object "Server Name" # Add to the body for mail $body = $tab | ConvertTo-HTML -head $a # And send mail send-mailmessage -to "Email@domain.com" -from "Check@EndPointProtection" -subject "EndPoint Protection Status for AD Computers" -body ($body | out-string) -BodyAsHTML -SmtpServer "x.x.x.x:YY"