0

I'm trying to run a virus scan on a list of servers in our environment. There are hundreds of machines, so we'd like to run the scan (using a command line prompt that we already have) around 10 at a time. We're totally new to PowerShell so any help would be really appreciated. We have a general idea of what commands we need to use -- here's how we think it might work for now:

$server = Get-Content "serverlist.txt"
$server | % {

$VirusScan = { Scan32.exe }

Invoke-Command -ScriptBlock { $VirusScan } -computerName $server -ThrottleLimit 10 -Authentication domain/admin 


}

Anyone have any suggestions on how we might orchestrate this?

Zef D.
  • so are we to assume that you don't have a licensed copy of McAfee? otherwise why wouldn't you just use its management solution to handle this? – tony roth Aug 12 '13 at 16:58
  • The management console doesn't handle this well. It's a really manual process (we have around 800 servers) so we're trying to use PowerShell to expedite the process. – Zef D. Aug 12 '13 at 17:02
  • @ZephD Where specifically are you seeing shortcomings with ePO? It's certainly not the *best* tool, but I've used it in much larger environments to do what you're looking for. – MDMarra Aug 12 '13 at 17:06
  • Is it safe to say we can't use PowerShell to do this? – Zef D. Aug 12 '13 at 17:07
  • You can use PS to do this. Where have you run into problems using the script above? – MDMarra Aug 12 '13 at 17:15
  • 1
    It seems to run the commands in sequence rather than in batches. – Zef D. Aug 12 '13 at 17:18
  • 1
    I may take some heat for this but here's my opinion on scheduled AV scans: If your AV software has a real time scanning component, and it's enabled, and the real time scanner does the job of detecting and deleting/quarantining malware then a scheduled scan should never be necessary. Assume that the system is clean prior to the AV installation, how could it ever be infected if the real time scanner does its job? If it does get infected why do you think a scheduled scan will detect what the real time scanner didn't? They're both using the same scanning engine and the same virus definitions. – joeqwerty Aug 12 '13 at 18:16
  • @joeqwerty I agree, with the exception of an environment where it's possible for the on-access scanning to be disabled (even temporarily). Not that this should ever be so. – john Aug 12 '13 at 20:19

2 Answers

3

You're trying to use the wrong tool here. McAfee ePolicy Orchestrator (ePO) can schedule scans, collect results, force on-demand scans, and do all kinds of other useful things like hold a copy of the update repository.

MDMarra
  • We want to run the scan in batches because there are so many servers. ePO doesn't support running 10 or so scans at a time so we're exploring other ways to solve the process. – Zef D. Aug 12 '13 at 17:07
  • What is the problem with running them all at the same time? You're not telling us your whole problem(s). – mfinni Aug 12 '13 at 17:33
  • 1
    Totally agree... use EPO, and set different policies on different groups of machines that schedule the scans at different times of day. There's really no need to bring PS into this, and that's hard for me to say because I want to bring PS into everything! – Ryan Ries Aug 12 '13 at 18:08
2

To answer your question directly (without the knowledge of McAfee and its management tools and therefore the understanding that there may be a better approach to your situation), please read the following section of the Invoke-Command help manual:

-AsJob

Runs the command as a background job on a remote computer. Use this parameter to run commands that take an extensive time to complete.

When you use AsJob, the command returns an object that represents the job, and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the Job cmdlets. To get the job results, use the Receive-Job cmdlet.

Append -AsJob to your Invoke-Command command and a job will be created for each remote host. Once the job is created it will move onto the next without waiting for the scan to complete. This should remove the need to use -ThrottleLimit also.

john
  • This worked. I created a queue and ran the commands as background jobs and logged the results using Out-File. – Zef D. Aug 13 '13 at 21:37
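
The batching discussed in this thread, written out as an added example (not code posted by anyone in the thread): a single Invoke-Command call over the whole list with -AsJob and -ThrottleLimit 10, then a per-server log written with Out-File. It assumes PowerShell 3.0 or later, remoting enabled on the targets, and Scan32.exe (the name from the question) on each target's PATH; the log file names are made up, and the account is supplied through -Credential because -Authentication selects a mechanism (Kerberos, Negotiate, ...) rather than a user.

```powershell
# Added example. serverlist.txt holds one host name per line.
$servers = Get-Content -Path 'serverlist.txt' |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

# Prompt for the admin account instead of embedding a password in the script.
$cred = Get-Credential

# One call for all servers. -AsJob returns a parent job with one child job per
# computer; -ThrottleLimit caps the number of concurrent connections at 10.
$job = Invoke-Command -ComputerName $servers -Credential $cred `
    -ThrottleLimit 10 -AsJob -ScriptBlock {
        # No scanner arguments are shown because the thread gives none.
        $output = & Scan32.exe 2>&1 | Out-String
        [pscustomobject]@{
            ExitCode = $LASTEXITCODE
            Output   = $output.Trim()
        }
    }

$job | Wait-Job | Out-Null

# Walk the child jobs so unreachable hosts are recorded, not silently skipped.
$results = foreach ($child in $job.ChildJobs) {
    $data = Receive-Job -Job $child -ErrorAction SilentlyContinue
    $detail = if ($child.State -eq 'Failed') {
        "$($child.JobStateInfo.Reason.Message)"
    } else {
        $data.Output
    }
    [pscustomobject]@{
        Computer = $child.Location
        State    = $child.State
        ExitCode = $data.ExitCode
        Detail   = $detail
    }
}

# Full log, plus a list of hosts whose scan did not complete for a later rerun.
$results | Format-List | Out-File -FilePath 'scan-results.log'
$results | Where-Object { $_.State -ne 'Completed' } |
    Select-Object -ExpandProperty Computer |
    Out-File -FilePath 'scan-retry.txt'

Remove-Job -Job $job
```

Hosts listed in scan-retry.txt are the ones to follow up on: a server that was never scanned looks the same as a clean one unless the failure is logged.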