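<#
.SYNOPSIS
    PCS Toolkit - Windows Defender Status

.DESCRIPTION
    Read-only health report for Microsoft Defender Antivirus. It prints the
    service state, protection toggles, signature versions and ages, selected
    preferences, configured exclusions and recent detections to the console,
    and mirrors every line into a timestamped text file on the Desktop.

.NOTES
    Run elevated for full detail. The report lists Defender exclusions, which
    show where scanning is skipped; treat the saved file as sensitive and
    delete it once it has been reviewed.
#>

$timestamp = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"

# Resolve the real Desktop folder: with folder redirection (e.g. OneDrive) the
# literal "$env:USERPROFILE\Desktop" may not exist and every write would fail.
$desktop = [Environment]::GetFolderPath('Desktop')
if ([string]::IsNullOrEmpty($desktop) -or -not (Test-Path -LiteralPath $desktop)) {
    $desktop = $env:TEMP
}
$logFile = Join-Path $desktop "DefenderStatus_$timestamp.txt"

# Write a line to the console and append it to the report file.
function Log($msg) {
    Write-Host $msg
    # -LiteralPath: the path must not be treated as a wildcard pattern.
    Add-Content -LiteralPath $logFile -Value $msg
}

# Same as Log, but colour the console copy (the file copy is plain text).
function LogColor($msg, $color) {
    Write-Host $msg -ForegroundColor $color
    Add-Content -LiteralPath $logFile -Value $msg
}

# Log "<label>: <value>" in green when the value is truthy, red otherwise.
function LogFlag($label, $value) {
    $flagColor = if ($value) { 'Green' } else { 'Red' }
    # ${label} is braced because "$label:" would parse as a scope qualifier.
    LogColor "${label}: $value" $flagColor
}

Log "========================================"
Log " PCS Toolkit - Windows Defender Status"
Log "========================================"
Log "Generated: $(Get-Date)"
Log "Computer: $env:COMPUTERNAME"
Log ""

# Check if running as admin
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    LogColor "WARNING: Run as Administrator for full details" "Yellow"
    Log ""
}

Log "=== DEFENDER SERVICE STATUS ==="
Log ""
$defenderService = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($defenderService) {
    $status = $defenderService.Status
    $color = if ($status -eq 'Running') { 'Green' } else { 'Red' }
    LogColor "Windows Defender Service: $status" $color
} else {
    LogColor "Windows Defender Service: NOT FOUND" "Red"
}

Log ""
Log "=== REAL-TIME PROTECTION ==="
Log ""
try {
    $mpStatus = Get-MpComputerStatus -ErrorAction Stop

    LogFlag "Real-Time Protection" $mpStatus.RealTimeProtectionEnabled
    LogFlag "Antivirus Enabled" $mpStatus.AntivirusEnabled
    LogFlag "Antispyware Enabled" $mpStatus.AntispywareEnabled
    LogFlag "Behavior Monitor" $mpStatus.BehaviorMonitorEnabled
    LogFlag "IOAV Protection" $mpStatus.IoavProtectionEnabled
    # NISEnabled is the Network Inspection System. It is not the "Network
    # Protection" feature, which is reported from EnableNetworkProtection in
    # the preferences section below.
    LogFlag "Network Inspection System (NIS)" $mpStatus.NISEnabled
    # With tamper protection off, a local admin or malware running as admin
    # can switch the settings above off. Older builds may not report this
    # property, in which case the value prints empty.
    LogFlag "Tamper Protection" $mpStatus.IsTamperProtected

    Log ""
    Log "=== DEFINITION VERSIONS ==="
    Log ""
    Log "Antivirus Version: $($mpStatus.AntivirusSignatureVersion)"
    Log "Antispyware Version: $($mpStatus.AntispywareSignatureVersion)"
    Log "NIS Version: $($mpStatus.NISSignatureVersion)"
    Log "Engine Version: $($mpStatus.AMEngineVersion)"
    Log "Product Version: $($mpStatus.AMProductVersion)"

    Log ""
    Log "=== LAST UPDATES ==="
    Log ""
    Log "AV Signature Age: $($mpStatus.AntivirusSignatureAge) days"
    Log "AS Signature Age: $($mpStatus.AntispywareSignatureAge) days"
    Log "Last Quick Scan: $($mpStatus.QuickScanEndTime)"
    Log "Last Full Scan: $($mpStatus.FullScanEndTime)"

    if ($mpStatus.AntivirusSignatureAge -gt 7) {
        LogColor "WARNING: Definitions are $($mpStatus.AntivirusSignatureAge) days old!" "Yellow"
    }
} catch {
    LogColor "ERROR: Could not get Defender status - $_" "Red"
    Log "This may indicate Defender is disabled or another AV is installed."
}

Log ""
Log "=== DEFENDER PREFERENCES ==="
Log ""
try {
    $prefs = Get-MpPreference -ErrorAction Stop

    Log "Scan Schedule Day: $($prefs.ScanScheduleDay)"
    Log "Scan Schedule Time: $($prefs.ScanScheduleTime)"
    Log "Signature Update Interval: $($prefs.SignatureUpdateInterval) hours"
    Log "Submit Samples Consent: $($prefs.SubmitSamplesConsent)"
    Log "PUA Protection: $($prefs.PUAProtection)"
    Log "Cloud Block Level: $($prefs.CloudBlockLevel)"
    # 0 = disabled, 1 = enabled (block), 2 = audit only.
    Log "Network Protection: $($prefs.EnableNetworkProtection)"

    # Exclusions are blind spots and should each have a known owner and
    # reason. Without elevation Defender may withhold the real lists, so
    # review this section from an elevated run.
    if ($prefs.ExclusionPath.Count -gt 0) {
        Log ""
        Log "Excluded Paths:"
        $prefs.ExclusionPath | ForEach-Object { Log " - $_" }
    }
    if ($prefs.ExclusionExtension.Count -gt 0) {
        Log ""
        Log "Excluded Extensions:"
        $prefs.ExclusionExtension | ForEach-Object { Log " - $_" }
    }
    # Process exclusions skip scanning of files opened by the named process,
    # so they belong in the same review as path and extension exclusions.
    if ($prefs.ExclusionProcess.Count -gt 0) {
        Log ""
        Log "Excluded Processes:"
        $prefs.ExclusionProcess | ForEach-Object { Log " - $_" }
    }
} catch {
    LogColor "Could not get preferences: $_" "Yellow"
}

Log ""
Log "=== RECENT THREAT HISTORY ==="
Log ""
try {
    # -ErrorAction Stop: a failed query must reach the catch block instead of
    # falling through to the green "No recent threats detected" line.
    # The sort is explicit because the cmdlet's output order is not assumed
    # to be newest-first.
    $threats = Get-MpThreatDetection -ErrorAction Stop |
        Sort-Object -Property InitialDetectionTime -Descending |
        Select-Object -First 10

    if ($threats) {
        foreach ($t in $threats) {
            # Best-effort name lookup; an unresolved ID is shown as "Unknown".
            $threatInfo = Get-MpThreat -ThreatID $t.ThreatID -ErrorAction SilentlyContinue
            $name = if ($threatInfo) { $threatInfo.ThreatName } else { "Unknown" }
            LogColor " $(${t}.InitialDetectionTime): $name" "Yellow"
        }
    } else {
        LogColor "No recent threats detected" "Green"
    }
} catch {
    Log "Could not retrieve threat history"
}

Log ""
Log "========================================"
Log "SCAN COMPLETE"
Log "========================================"

# Reveal the saved report in Explorer, then keep the console open.
explorer.exe "/select,$logFile"
Read-Host "Press Enter to exit"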