Intune compliance scripts and conditional access for Kaspersky


Hello

I would like to create a compliance script in Intune to check if Kaspersky antivirus is installed and running. If it is not installed or not running, I would like to mark the computer as not compliant and apply conditional access so the user cannot access, for example, email.

I am attaching a link explaining how this works:

https://www.petervanderwoude.nl/post/working-with-custom-compliance-settings/

Can anyone help in creating that script in PowerShell?

Thanks in advance!

Albert


You can try to query avp.com (and parse output):

"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" STATUS

You can also check if specific executable files exist or if specific programs are installed (within the Windows software database).


  • 2 weeks later...

I tried the following PowerShell to get Antivirus services status but I only get null:

$service = Start-Process -FilePath " C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" -ArgumentList "STATUS"
$status = @{"Status" = $service.AVService}
return $status | ConvertTo-Json -Compress

 

Can anyone help me to get the correct result so I can use it on Intune to validate that the antivirus is working?


You can use something like this (this script works locally), but I am not sure how to return the correct state to Intune (I assume a true or false return value?):

$myExeOutput = & "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for 

$found = $false;
$myExeOutput |
    Where-Object {$_ -match 'File_Monitoring' -and $_ -match 'running'} |
    ForEach-Object {
        #$_ -replace '\s+Version:.*$',''
        Write-host "av is running! "
        $found = $true;
    }
return $found;


$myExeOutput = & "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" STATUS

$found = $false;
$myExeOutput |
    Where-Object {$_ -match 'File_Monitoring' -and $_ -match 'running'} |
    ForEach-Object {
        #$_ -replace '\s+Version:.*$',''
        Write-host "av is running! "
        $found = $true;
    }
return $found;

first line was truncated…
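
The check from this thread, written as an Intune custom compliance discovery script that emits one compressed JSON object. This is an added example, not code posted by any participant; the setting names KesInstalled and KesFileMonitoring are hypothetical and must match the SettingName values in the JSON rules file uploaded with the policy, and the "not running" exclusion is an assumption about the avp.com output, which the thread does not show.

```powershell
# Added example: Intune custom compliance discovery script (not from the thread).
# The avp.com path and the 'File_Monitoring' / 'running' strings come from the posts above.
# KesInstalled / KesFileMonitoring are hypothetical setting names.
$AvpPath = 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com'

function Test-KesComponent {
    param(
        [string[]]$StatusLines,   # lines printed by "avp.com STATUS"
        [string]$Component        # component name as it appears in that output
    )
    $name = [regex]::Escape($Component)   # treat the name literally
    foreach ($line in $StatusLines) {
        # Same test as the thread's script (component name and 'running' on one line),
        # plus an assumed guard so a line saying "not running" cannot pass.
        if ($line -match $name -and $line -match '\brunning\b' -and
            $line -notmatch '\bnot\s+running\b') {
            return $true
        }
    }
    return $false
}

function Get-KesCompliance {
    param([string]$Path = $AvpPath)
    # Fail closed: every setting starts as non-compliant.
    $result = [ordered]@{ KesInstalled = $false; KesFileMonitoring = $false }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $result.KesInstalled = $true
        try {
            # The call operator captures stdout as an array of strings.
            # Start-Process returns nothing unless -PassThru is given,
            # and even then it does not capture the program's output.
            $lines = @(& $Path STATUS 2>$null)
            $result.KesFileMonitoring =
                Test-KesComponent -StatusLines $lines -Component 'File_Monitoring'
        } catch {
            # avp.com could not be executed: the component stays $false
        }
    }
    return $result
}

# Intune reads the script's output as a single-line JSON object.
return Get-KesCompliance | ConvertTo-Json -Compress
```

To cover more components, add one key per component to the result table, using the component names exactly as your own avp.com STATUS output prints them.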


  • 2 weeks later...

Could you please post a screenshot of how this is configured in Intune?

Do you want to monitor other components of KES as well? It depends which components are activated within the policy but I would check all the basic ones (FileAV, WebAV, MailAV,  …)


  • 1 month later...

Working fine, thank you! I just need to find which is the best parameter to make sure antivirus is working...

Hey Palmer, do you mind sharing your exact detection compliance script? I am trying to do something similar, however I am not having any luck.
