Microsoft Defender PowerShell module and Nagios

Microsoft Defender Antivirus ships with current Windows client and server releases, and it comes with many components and options to manage, protect and monitor endpoints.
So I was not surprised, a few months ago, when I needed to implement a monitoring check for Nagios and found that there is a dedicated PowerShell module that does exactly what I needed.

Naming things is hard

Microsoft Defender Antivirus was previously known as Windows Defender Antivirus, or simply Windows Defender. In Windows 10 the host-based firewall service is now called Windows Defender Firewall. To complicate the picture a bit more, Microsoft has recently used the "Defender" brand for several cloud products, including Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity, just to name a few.

To improve the user experience on Windows 10, for instance, the "Windows Security" app contains a "Virus & threat protection" page (which is Microsoft Defender Antivirus): a simplified view where the end user has visibility of, and access to, the main functionalities of the tool.

Official PowerShell module of Microsoft Defender

This is the official documentation:  https://docs.microsoft.com/en-us/powershell/module/defender/?view=windowsserver2019-ps 

List of Cmdlets available in the PowerShell module

To retrieve the list of commands, use Get-Command and limit the results to the Defender module, i.e. Get-Command -Module Defender. The output lists the cmdlets shown below; the ones most relevant for monitoring are Get-MpComputerStatus (state of the engine, real-time protection and signature age), Get-MpPreference and Set-MpPreference (configuration), Update-MpSignature and Start-MpScan:

PowerShell is not only useful for automation

Servers and workstations can be managed with policies (Group Policy, for instance) to bring their behavior and configuration consistently and reliably to the desired end state.
But there are definitely operations, such as upgrades, that can require disabling the AV solution during the installation process, and a mistaken policy change or a simple human error can leave the AV solution not running afterwards.
As I mentioned before, this is not about automating a solution that works but about monitoring its state, so that a host left unprotected is noticed rather than silently forgotten.

Nagios is a monitoring solution that can perform both black-box and white-box monitoring; a white-box check like this one requires an agent, NSClient++, on the target system, which runs the script locally and relays its output and exit code to the Nagios server. I wrote an article 3 years ago that can also be useful on this subject.

Check-Defender

This is the Powershell script I wrote:
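The author's script is not reproduced on this page. The following is an added example of my own, not the author's code, that implements the same kind of check against the Defender module: it reads Get-MpComputerStatus, treats a disabled engine or disabled real-time protection as CRITICAL (the "AV left off after an upgrade" case discussed above), stale signatures or an old quick scan as WARNING, and returns the result using the Nagios plugin contract (one status line on stdout, optional performance data after a pipe, exit code 0/1/2/3). The thresholds, the -SelfTest switch and the constructed sample status object are assumptions for illustration; the property names used are those exposed by Get-MpComputerStatus.

```powershell
# check_defender.ps1 - added example, not the script from the original post.
# Nagios plugin contract: one status line on stdout, optional "| perfdata",
# exit code 0=OK 1=WARNING 2=CRITICAL 3=UNKNOWN.
[CmdletBinding()]
param(
    [int]$WarnSignatureAgeDays = 3,   # assumed thresholds; tune to your policy
    [int]$CritSignatureAgeDays = 7,
    [int]$WarnQuickScanAgeDays = 7,
    [switch]$SelfTest                 # evaluate a constructed status instead of the live one
)

$NagiosOk = 0; $NagiosWarning = 1; $NagiosCritical = 2; $NagiosUnknown = 3

function Get-DefenderCheckResult {
    # Pure decision logic: accepts any object carrying the Get-MpComputerStatus
    # property names, so it can be exercised without touching the live engine.
    param(
        [Parameter(Mandatory)] $Status,
        [int]$WarnSig, [int]$CritSig, [int]$WarnScan
    )
    $code = $NagiosOk
    $problems = [System.Collections.Generic.List[string]]::new()

    # 1. Any protection component switched off is CRITICAL: this is the
    #    "AV left disabled after an upgrade or a bad policy change" case.
    foreach ($component in 'AMServiceEnabled', 'AntivirusEnabled',
                           'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled') {
        if (-not $Status.$component) {
            $problems.Add("$component is off")
            $code = $NagiosCritical
        }
    }

    # 2. Stale signatures: an engine running with old definitions is still a
    #    finding, just a less urgent one until it crosses the critical age.
    $sigAge = [int]$Status.AntivirusSignatureAge
    if ($sigAge -ge $CritSig) {
        $problems.Add("signatures are $sigAge days old")
        $code = $NagiosCritical
    } elseif ($sigAge -ge $WarnSig) {
        $problems.Add("signatures are $sigAge days old")
        $code = [Math]::Max($code, $NagiosWarning)
    }

    # 3. No recent quick scan is a WARNING; it never escalates to CRITICAL.
    $scanAge = [int]$Status.QuickScanAge
    if ($scanAge -ge $WarnScan) {
        $problems.Add("last quick scan was $scanAge days ago")
        $code = [Math]::Max($code, $NagiosWarning)
    }

    $labels = @{ 0 = 'OK'; 1 = 'WARNING'; 2 = 'CRITICAL' }
    $summary = if ($problems.Count) { $problems -join ', ' }
               else { "engine $($Status.AMEngineVersion), signatures $($Status.AntivirusSignatureVersion)" }
    # Performance data so Nagios can graph the ages over time
    # (label=value;warn;crit;min - no unit suffix, days are in the label).
    $perf = "sig_age_days=$sigAge;$WarnSig;$CritSig;0 quickscan_age_days=$scanAge;$WarnScan;;0"

    [pscustomobject]@{
        ExitCode = $code
        Message  = "DEFENDER $($labels[$code]) - $summary | $perf"
    }
}

if ($SelfTest) {
    # Constructed sample mimicking Get-MpComputerStatus: real-time protection
    # off and week-old signatures, so the expected result is CRITICAL (exit 2).
    $status = [pscustomobject]@{
        AMServiceEnabled          = $true
        AntivirusEnabled          = $true
        RealTimeProtectionEnabled = $false
        BehaviorMonitorEnabled    = $true
        AntivirusSignatureAge     = 7
        QuickScanAge              = 2
        AMEngineVersion           = '0.0.0.0'   # placeholder values
        AntivirusSignatureVersion = '0.0.0.0'
    }
} else {
    try {
        # Anything that stops us from reading the status is UNKNOWN, not OK:
        # a missing module or a failed WMI query must never look like "protected".
        if (-not (Get-Module -ListAvailable -Name Defender)) {
            throw 'Defender PowerShell module is not available on this host'
        }
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        Write-Output "DEFENDER UNKNOWN - $($_.Exception.Message)"
        exit $NagiosUnknown
    }
}

$result = Get-DefenderCheckResult -Status $status -WarnSig $WarnSignatureAgeDays `
              -CritSig $CritSignatureAgeDays -WarnScan $WarnQuickScanAgeDays
Write-Output $result.Message
exit $result.ExitCode
```

Two design points worth noting. First, failure to read the status maps to UNKNOWN rather than OK, so a host where the module is missing or the WMI provider is broken does not show up as green. Second, the decision logic is a function that takes a plain object, so the thresholds can be tested offline with -SelfTest before the script is deployed. On the agent side, assuming the default ps1 wrapping in nsclient.ini, registering the script as a wrapped external script (for example check_defender = check_defender.ps1 under [/settings/external scripts/wrapped scripts]) and calling it from the server with check_nrpe -c check_defender is enough for the status line and the exit code to reach Nagios.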

I hope you will find this article useful; as usual, you can find the script on my GitHub repository.
