Merge pull request #90 from akunzai/fix-dsa-dection

Fix detection for Trend Micro Deep Security Agent
akunzai · Apr 12, 2023 · 2bf0d8a · 2bf0d8a
2 parents a2319f9 + 55aae65
commit 2bf0d8a
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -50,7 +50,7 @@ git pull
 Sample output
 
 ````markdown
-# Windows Secure Auditor: 1.2.0
+# Windows Secure Auditor: 1.2.1
 
 ## System Information
 

diff --git a/README.zh-TW.md b/README.zh-TW.md
@@ -50,7 +50,7 @@ git pull
 範例輸出
 
 ````markdown
-# Windows Secure Auditor: 1.2.0
+# Windows Secure Auditor: 1.2.1
 
 ## 系統資訊
 

diff --git a/SecureAuditor.psd1 b/SecureAuditor.psd1
@@ -6,7 +6,7 @@
     # RootModule = ''
 
     # Version number of this module.
-    ModuleVersion          = '1.2.0'
+    ModuleVersion          = '1.2.1'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()

diff --git a/rules/Antivirus.psm1 b/rules/Antivirus.psm1
@@ -26,6 +26,8 @@ function Test($config) {
     $osInfo = Get-CimInstance -ClassName Win32_OperatingSystem
     if ($osInfo.ProductType -ne 1) {
         # Windows Server
+
+        # ESET Endpoint Security
         # https://help.eset.com/efsw/9.0/en-US/work_wmi_provider_data.html
         $product = Get-CimInstance -Namespace root/ESET -ClassName ESET_Product -ErrorAction SilentlyContinue
         if ($null -ne $product) {
@@ -35,24 +37,26 @@ function Test($config) {
         }
         # Trend Micro Deep Security Agent
         # https://success.trendmicro.com/dcx/s/solution/1117040-checking-the-version-of-deep-security-agent-using-command-prompt
-        $products = Get-CimInstance -ClassName Win32_Product -Filter 'Name like "%Trend Micro%"' -ErrorAction SilentlyContinue
         $dsaQuery = "$($env:ProgramFiles)\Trend Micro\Deep Security Agent\dsa_query.cmd"
-        if (Test-Path -Path $dsaQuery -ErrorAction SilentlyContinue -and $null -ne $products -and $products.Count -gt 0) {
-            $product = $products[0]
-            Write-CheckList $true "$($i18n.Installed): $($product.Name) $($product.Version)"
-            # https://help.deepsecurity.trendmicro.com/10/0/command-line-utilities.html#dsa_quer
-            $dsaStatus = (& $dsaQuery -c GetComponentInfo | Out-String).Trim()
-            $upToDate = -not [string]::IsNullOrWhiteSpace(($dsaStatus | Select-String "Component.AM.mode: on"))
-            $patternVersion = ($dsaStatus | Select-String 'Component.AM.version.pattern.VSAPI:')
-            if ([string]::IsNullOrWhiteSpace($patternVersion)) {
-                Write-CheckList $false "$($i18n.UpdatedStatus): $($i18n.FailedToCheckUpdateStatus)"
-            }
-            else {
-                $patternVersion = $patternVersion.Split(':')[1].Trim()
-                # https://success.trendmicro.com/dcx/s/solution/000288677
-                Write-CheckList $upToDate "$($i18n.UpdatedStatus): $($patternVersion)"
+        if (Test-Path -Path $dsaQuery -ErrorAction SilentlyContinue) {
+            $products = Get-CimInstance -ClassName Win32_Product -Filter 'Name like "%Trend Micro%"' -ErrorAction SilentlyContinue
+            if ($null -ne $products -and $products.Count -gt 0) {
+                $product = $products[0]
+                Write-CheckList $true "$($i18n.Installed): $($product.Name) $($product.Version)"
+                # https://help.deepsecurity.trendmicro.com/10/0/command-line-utilities.html#dsa_quer
+                $dsaStatus = (& $dsaQuery -c GetComponentInfo | Out-String).Trim()
+                $upToDate = -not [string]::IsNullOrWhiteSpace(($dsaStatus | Select-String "Component.AM.mode: on"))
+                $patternVersion = ($dsaStatus | Select-String 'Component.AM.version.pattern.VSAPI:')
+                if ([string]::IsNullOrWhiteSpace($patternVersion)) {
+                    Write-CheckList $false "$($i18n.UpdatedStatus): $($i18n.FailedToCheckUpdateStatus)"
+                }
+                else {
+                    $patternVersion = $patternVersion.Split(':')[1].Trim()
+                    # https://success.trendmicro.com/dcx/s/solution/000288677
+                    Write-CheckList $upToDate "$($i18n.UpdatedStatus): $($patternVersion)"
+                }
+                return
             }
-            return
         }
         # The Microsoft Defender module was not found before Windows Server 2016
         # https://www.powershellgallery.com/packages/WindowsDefender/