PowerShell monitor for removal of software

Hi community

We have an application installed onto 2 servers, this doesn’t run as a Windows Service and/or process, however we need to ensure the application isn’t uninstalled (maliciously or accidentally).

I am toying around with using the “Get-wmiObject Win32_product” cmdlet but would like to know how I can leverage the SquaredUp PowerShell MP to alert if the powershell cmdlet returns a NULL value? Is this at all possible?

Thanks

1 Like

Hi!

If you do an $a = get-wmiobject

And

If( $a -eq $null )

{

Send error state

}

Else

{

Send ok state

}

Another way is to check for if a file exists?

Hi Jannep

Thanks for that, I have now got the PowerShell monitoring working with your help, see below for working script. However I am struggling to get the “MessageText” section input into the Alert Description, I have added the following into Alert Description but it doesnt seem to work:

$Data/Context/Property[@Name=‘MessageText’]$

SCOM management server alerts at the same time with the below:

Failed to replace parameter while creating the alert for monitor state change.

Failing replacement: $Data/Context/Property[@Name=\'MessageText\']$

 

WORKING SCRIPT:

Required section for PowerShell in SCOM

$ScomAPI = New-Object -comObject “MOM.ScriptAPI”
$PropertyBag = $ScomAPI.CreatePropertyBag()

Query for installed SCOM Agent

$App = Get-WmiObject win32_product | where {$_.Name -eq “Microsoft Monitoring Agent1”}

If SCOM agent not installed return Error State

If ($App -eq $null)
{ $PropertyBag.AddValue(“State”,“ERROR”)
}
else

If SCOM agent installed return OK state

{ $PropertyBag.AddValue(“State”,“OK”)
}

Send output to SCOM

$messageText = “SCOM Agent is not installed”
{ $PropertyBag.AddValue(“MessageText”,$messageText)
}
$PropertyBag

Alert Description fixed, removing the brackets from the last $PropertyBag section resolved this, see below:

Send output to SCOM

$messageText = “SCOM Agent Not Installed - ERROR!!!”
$PropertyBag.AddValue(“MessageText”,$messageText)
$PropertyBag

Thanks