Author Posts

August 7, 2014 at 9:57 am

I'm writing a PowerShell script that takes a series of remote computer names and runs a custom malware scan on a targeted subdirectory on each computer. I have successfully used[i] psexec[/i] to accomplish this from the command line, but now want to use a PowerShell script. [i]psexec[/i] resident on my computer and the antimalware application ([i]MpCmdRun[/i]) is resident on the target computer:

"C:\Program Files (x86)\Sysinternals\psexec.exe" \\computername "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -scan -scantype 3 –File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
[hr]
My first attempt to use a PowerShell script used the [i]Invoke-Command[/i] cmdlet:

Import-CSV D:\test.csv | ForEach-Object {
$computer = $_.ComputerName

Invoke-Command -computername $computer {"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -scan -scantype 3 -File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\}

}

I received the following error message:

You must provide a value expression on the right-hand side of the '-' operator.
At H:\My Documents\PowerShell Scripts\specialscan2.ps1:15 char:112
+ Invoke-Command -computername $computer {"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" – < <<< scan -scantype 3 -File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\} + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : ExpectedValueExpression [hr] I have had some success with the following script:

$computers = Get-Content "D:\ test.csv"

ForEach ($computer in $computers) {

if (Test-Connection -Computername $computer -quiet) {
& "C:\Program Files (x86)\Sysinternals\psexec.exe" \\$computer "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" -scan -scantype 3 -File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\

} else {

"$computer is not online"
}
}

This script does run the desired antimalware scan but I still am getting this error:

psexec.exe :
At H:\My Documents\PowerShell Scripts\specialscan1A.ps1:10 char:6
+ & <<<< "C:\Program Files (x86)\Sysinternals\psexec.exe" \\$computer "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" -scan -scantype 3 -File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\ + CategoryInfo : NotSpecified: (:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError What am I missing? Is there a better approach to this task (e.g. Get-Process or another cmdlet)?

August 7, 2014 at 11:46 am

try invoke-expression

August 7, 2014 at 1:05 pm

You forgot the &.

Invoke-Command -computername $computer { & "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -scan -scantype 3 -File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\ }

August 11, 2014 at 11:09 am

Thank you! Both of your suggestions have been been helpful.