Posted

Hello

 

I would like to create a compliance script in Intune to check if Kaspersky antivirus is installed and running. If it is not installed or not running, I would like to mark the computer as not compliant and apply conditional access so the user cannot access, for example, email.

 

I am attaching a link explaining how this works:

 

https://www.petervanderwoude.nl/post/working-with-custom-compliance-settings/

 

Can anyone help in creating that script in PowerShell?

 

Thanks in advance!

 

Albert

Posted

You can try to query avp.com (and parse output):

"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" STATUS

 

You can also check if specific executable files exist or if specific programs are installed (within the Windows software database).

  • 2 weeks later...
Posted

I tried the following PowerShell to get the antivirus service status, but I only get null:

 

$service = Start-Process -FilePath " C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" -ArgumentList "STATUS"
$status = @{"Status" = $service.AVService}
return $status | ConvertTo-Json -Compress

 

Can anyone help me to get the correct result so I can use it in Intune to validate that the antivirus is working?

 

 

Posted

You can use something like this (this script works locally), but I am not sure how to return the correct state to Intune (I assume a true or false return value?):

 

 

$myExeOutput = & "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for 

$found = $false;
$myExeOutput |
Where-Object {$_ -match 'File_Monitoring' -and $_ -match 'running'} |
ForEach-Object {
#$_ -replace '\s+Version:.*$',''
Write-host "av is running! "
$found = $true;
}
return $found;

 

Posted
# Run avp.com and capture its STATUS output, one string per line
$myExeOutput = & "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" STATUS

$found = $false
# Keep only the line for the File_Monitoring component that reports "running"
$myExeOutput |
    Where-Object { $_ -match 'File_Monitoring' -and $_ -match 'running' } |
    ForEach-Object {
        #$_ -replace '\s+Version:.*$',''
        Write-Host "av is running! "
        $found = $true
    }
return $found

first line was truncated…
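
The question above about what to return to Intune, worked as an added example that is not part of the original thread: a custom compliance discovery script reports its result as a single line of compressed JSON rather than a bare true/false. The setting names `KesInstalled` and `FileMonitoringRunning` are hypothetical, and the only thing assumed about the `avp.com STATUS` output is what the thread's own match relies on (a line containing `File_Monitoring` and `running`).

```powershell
# Added example (not the thread's code): Intune custom compliance discovery script.
$avp = 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com'

# Hypothetical setting name -> token expected on that component's STATUS line.
# Extend with the other components your KES policy enables.
$checks = [ordered]@{ FileMonitoringRunning = 'File_Monitoring' }

function Get-KesState {
    param(
        [string[]]$StatusOutput,                           # lines from "avp.com STATUS"
        [System.Collections.IDictionary]$Checks
    )
    $state = [ordered]@{ KesInstalled = $true }
    foreach ($setting in $Checks.Keys) {
        $token = [regex]::Escape($Checks[$setting])
        $line  = $StatusOutput | Where-Object { $_ -match $token } | Select-Object -First 1
        # Fail closed: no line for the component, or a line without "running", is false.
        # The 'not running' guard is an assumption; verify it against real output.
        $state[$setting] = [bool]($line -and
                                  $line -match 'running' -and
                                  $line -notmatch 'not\s+running')
    }
    return $state
}

if (Test-Path -LiteralPath $avp) {
    $output = & $avp STATUS 2>$null
    $state  = Get-KesState -StatusOutput $output -Checks $checks
}
else {
    # Product missing: every setting is reported as false so the device is non-compliant.
    $state = [ordered]@{ KesInstalled = $false }
    foreach ($setting in $checks.Keys) { $state[$setting] = $false }
}

# No Write-Host or other output before this line: Intune expects one JSON line.
return $state | ConvertTo-Json -Compress
```

Each key in the JSON needs a rule with the same `SettingName` and a Boolean data type in the compliance JSON file uploaded with the policy; a device reporting `false` for any of them is then marked non-compliant and can be blocked by conditional access.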

Posted

Working fine, thank you! I just need to find which is the best parameter to make sure the antivirus is working...

  • 2 weeks later...
Posted

Could you please post a screenshot of how this is configured in Intune?

Do you want to monitor other components of KES as well? It depends which components are activated within the policy but I would check all the basic ones (FileAV, WebAV, MailAV,  …)

  • 1 month later...
Posted

Working fine, thank you! I just need to find which is the best parameter to make sure the antivirus is working...

Hey Palmer, do you mind sharing your exact detection compliance script? I am trying to do something similar, however I am not having any luck.
