#Powershell Windows Defender Detections for N-able RMM
#Author: Andreas Walker andreas.walker@walkerit.ch
#Licence: GNU General Public License v3.0
#Version: 1.0.0 / 04.12.2022
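#Parameters
# Reporting window: only detections whose threat status last changed within
# the past 24 hours are considered.
$AgeLimit = (Get-Date).AddHours(-24)
# Full cmdlet name rather than the `Where` alias so the script reads the same
# under PowerShell's default alias set and in strict linting.
$WindowsDefenderDetections = Get-MpThreatDetection | Where-Object { $_.LastThreatStatusChangeTime -gt $AgeLimit }
#Check Detections
if (!$WindowsDefenderDetections)
{
    # No recent detections: report OK to the RMM and exit 0.
    Write-Host "OK - No Windows Defender detections found in the last 24 hours."
    Exit 0
}
else
{
    Write-Host "ERROR - Windows Defender detections found in the last 24 hours."
    Write-Host "********************"
    #Print Detections
    foreach ($Detection in $WindowsDefenderDetections)
    {
        # Resolve the detection's ThreatID to its catalogue entry for the
        # human-readable threat name. NOTE(review): if the ID is no longer
        # known to Get-MpThreat this call may error or return nothing — confirm.
        $Detail = Get-MpThreat -ThreatID $Detection.ThreatID
        if ($Detection.ActionSuccess) { $DetectionStatus = "Cleaned" } else { $DetectionStatus = "Not Cleaned!" }
        Write-Host "* Threat: $($Detail.ThreatName) - ID: $($Detection.ThreatID)"
        Write-Host "* Detection: $($Detection.InitialDetectionTime) $($Detection.DetectionID)"
        # Read user and process from the current $Detection, not from the
        # whole $WindowsDefenderDetections collection; the latter printed
        # every detection's user/process on each line, which mislabels
        # which account and process belong to this threat.
        Write-Host "* User: $($Detection.DomainUser)"
        Write-Host "* Process: $($Detection.ProcessName)"
        Write-Host "* Additional Ressources: $($Detection.Resources)"
        Write-Host "* Status: $DetectionStatus"
        Write-Host "********************"
    }
    # Non-zero exit code signals a failed check to N-able RMM.
    Exit 1001
}
#Catch unexpected end
# Both branches above exit explicitly; this is a safety net so the RMM never
# sees a silent exit 0 if control somehow falls through.
Write-Host "ERROR - The Script came to an unexpected end."
exit 1001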