Script Returns string, how to handle this in PRTG?

param($windowdomain,$windowsuser,$windowspassword,$computername)

$secpasswd = ConvertTo-SecureString $windowspassword -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("$($windowsdomain)\$($windowsuser)", $secpasswd)

$AV = Get-WmiObject -ComputerName $computer -Credentials ($mycreds) -Namespace root\SecurityCenter2 -Class AntiVirusProduct 
switch ($AV.productState) { 
"262144" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"} 
"262160" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"266240" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Enabled"} 
"266256" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"393216" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"} 
"393232" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"393488" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"397312" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Enabled"} 
"397328" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"397584" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"397568" {$UpdateStatus = "Up to date"; $RealTimeProtectionStatus = "Enabled"}
"393472" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"}
default {$UpdateStatus = "Unknown" ;$RealTimeProtectionStatus = "Unknown"} 
}
Write-Host ("0:" + $AV.displayname + " - " + $UpdateStatus + " - " + $RealTimeProtectionStatus)

Use the following instead:

Write-Host ("0:" + $AV.displayname + " - " + $UpdateStatus + " - " + $RealTimeProtectionStatus)

May, 2018 - Permalink

thx Stephan, it is better but the result isn't what i expected :-), if run the script on the remote computer i get the result "up to date" on PRTG i get "Unknown" Is the script running on the probe itself?

May, 2018 - Permalink

Welp - yes, indeed. You'll need to pass -Computername "%host" and -Credential $credential. To create a credential object, check out this :)

---

Kind regards,
Stephan Linke, Tech Support Team

May, 2018 - Permalink

Thx Stephen, where should I place this two lines in the script? At the beginning?

grtz R

May, 2018 - Permalink

Something like this - I updated your first post accordingly. Use the following parameters in PRTG: "%windowsdomain" "%windowsuser" "%windowspassword" "%host"

param($windowdomain,$windowsuser,$windowspassword,$computername)

$secpasswd = ConvertTo-SecureString $windowspassword -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("$($windowsdomain)\$($windowsuser)", $secpasswd)

$AV = Get-WmiObject -ComputerName $computer -Credentials ($mycreds) -Namespace root\SecurityCenter2 -Class AntiVirusProduct 
switch ($AV.productState) { 
"262144" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"} 
"262160" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"266240" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Enabled"} 
"266256" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"393216" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"} 
"393232" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"393488" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"397312" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Enabled"} 
"397328" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"397584" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"397568" {$UpdateStatus = "Up to date"; $RealTimeProtectionStatus = "Enabled"}
"393472" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"}
default {$UpdateStatus = "Unknown" ;$RealTimeProtectionStatus = "Unknown"} 
}
Write-Host ("0:" + $AV.displayname + " - " + $UpdateStatus + " - " + $RealTimeProtectionStatus)

May, 2018 - Permalink

Thx Stephan, but where exactly should I give the computername, domain, username and password in? The parameter field on the exe/script page?

May, 2018 - Permalink

Exactly there and in that order :) You'll need to configure Windows credentials in the device accordingly.

May, 2018 - Permalink

Stephen,

i don't know exactly the syntax so i wrote it like this:

$windowdomain ABCD,$windowsuser EFGH,$windowspassword IJKL,$computername 192.168.2.2

is this the correct way?

thx a lot!

May, 2018 - Permalink

You'll need to enter (copy/paste) the following into the parameter field of the sensor:
"%windowsdomain" "%windowsuser" "%windowspassword" "%host"

The placeholders will be replaced by PRTG internally when executing the script :)

May, 2018 - Permalink

Stephan,

where in the script should i put my credentials in plaintext?

grtz

May, 2018 - Permalink

You don't need to. As mentioned, enter the credentials in the device settings of PRTG (in the Windows credentials section). The script, when ran by PRTG, will get the corresponding values via the placeholders you entered in the parameter field. The credential object is then created at runtime and the script will log into the target host using the same.

---

Kind regards,
Stephan

May, 2018 - Permalink

OK I see! Thanks a lot Stephan but it doesn't give me te correct result!Value is still "unknown" and should be "up to date":-(

May, 2018 - Permalink

Could you try "Use credentials of parent device" in the sensor security context setting?

Jun, 2018 - Permalink

Hi Stephan, I did but i don't see any changes :-(, maybe the output is the problem! The output should be:

COMODO Antivirus / up to date / enabled

but i get as output:

/unknown/unknown

Could the textfield format/field be the problem in PRTG?

Jun, 2018 - Permalink

It probably still cannot access the target host. You may need to tinker with Remote PowerShell instead :)

---

Kind regards,
Stephan Linke, Tech Support Team

Jun, 2018 - Permalink

Hi Stephan,

this is the error and output i get when running the script on the remote computer:

Write-Host ("0:" + $AV.displayname + " / " + $UpdateStatus + " / " + $RealTimeProtectionStatus)
ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null.
At line:3 char:36
+ $secpasswd = ConvertTo-SecureString <<<<  $windowspassword -AsPlainText -Force
    + CategoryInfo          : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand
 
New-Object : Exception calling ".ctor" with "2" argument(s): "Cannot process argument because the value of argument "password" is null. Change the value of argument "password" to a non-null value."
At line:4 char:22
+ $mycreds = New-Object <<<<  System.Management.Automation.PSCredential ("$($windowsdomain)\$($windowsuser)", $secpasswd)
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
 
Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At line:7 char:34
+ $AV = Get-WmiObject -ComputerName <<<<  $computer -Credentials ($mycreds)-Namespace root\SecurityCenter2 -Class AntiVirusProduct 
    + CategoryInfo          : InvalidData: (:) [Get-WmiObject], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetWmiObjectCommand
 
0: / Unknown / Unknown

Jun, 2018 - Permalink

Are you actually putting values in the parameter values? It's complaining about the password being empty...

Jun, 2018 - Permalink

Hi Stephan, you mean this parameters?

You'll need to enter (copy/paste) the following into the parameter field of the sensor: "%windowsdomain" "%windowsuser" "%windowspassword" "%host"

The placeholders will be replaced by PRTG internally when executing the script :)

I replaced those parameters in:

"ABCD" "EFGH" "IJKL" "MNOP"

is that correct?

Jun, 2018 - Permalink

Stephan, I think he is complaining because i am executing the script local on the target system!

Jun, 2018 - Permalink

Could you post a screenshot of the settings of the sensor, specifically the parameter field? Just want to make sure we're not talking past each other. Check the markup options on how to embed images.

Jun, 2018 - Permalink

Hi Stephan,

Jun, 2018 - Permalink

Copy this, 1:1 into the parameter field and save it:
"%windowsdomain" "%windowsuser" "%windowspassword" "%host"

The placeholders are dynamically replaced by PRTG and you don't need to enter anything except the line above.

Jun, 2018 - Permalink

Stephan, that's what i did in a previous scenario and it didn't work, that's why i used now these values! I don't use values in my script because that script will be used for other computers too! I use that parameter field for the remote hosts.

Jun, 2018 - Permalink

Stephan, thx for the support! I fixed the problem! I changed my script in:

param(
    $computername = "localhost"
    )

$AV = Get-WmiObject -ComputerName $computername -Namespace root\SecurityCenter2 -Class AntiVirusProduct 
switch ($AV.productState) { 
"262144" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"} 
"262160" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"266240" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Enabled"} 
"266256" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"393216" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"} 
"393232" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"393488" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Disabled"} 
"397312" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Enabled"} 
"397328" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"397584" {$UpdateStatus = "Out of date" ;$RealTimeProtectionStatus = "Enabled"} 
"397568" {$UpdateStatus = "Up to date"; $RealTimeProtectionStatus = "Enabled"}
"393472" {$UpdateStatus = "Up to date" ;$RealTimeProtectionStatus = "Disabled"}
default {$UpdateStatus = "Unknown" ;$RealTimeProtectionStatus = "Unknown"} 
}
Write-Host ("0:" + $AV.displayname + " - " + $UpdateStatus + " - " + $RealTimeProtectionStatus)

I just used the computername as parameter! No credentials requierd!

Thans a lot! Regards Rachid

Jun, 2018 - Permalink

Nice! :D

Jun, 2018 - Permalink

Stephan, 1 question! :-)

Let say that the status changes, from up to date to out of date, the color bar (orange, red, green) should change from green to orange or red, can ik configure this on this type of sensor?

grtz

Jun, 2018 - Permalink

Instead of 0 at the beginning of the output, you could use a variable that is changed depending on the update status in the case/switch-statement. Using lookups will then allow you to display a corresponding state :)

Jun, 2018 - Permalink