I want to create a report on which machines are running our AV.  I just run a command: sc query csagent and if it's running it'll return the following.

SERVICE_NAME: csagent
        TYPE               : 2  FILE_SYSTEM_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

If CrowdStrike isn't installed it returns:

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

So I created a Procedure to Variable, running the command and writing to the Agent Procedure Log.  Now I'm trying to get a report built that'll list all of the machines that do not have the program running.



updated info on what happens when it fails to find a running program
[edited by: trevor.okazaki at 3:37 PM (GMT -4) on Jun 2, 2021]