I want to create a report on which machines are running our AV. I just run a command: sc query csagent and if it's running it'll return the following.
SERVICE_NAME: csagent TYPE : 2 FILE_SYSTEM_DRIVER STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
If CrowdStrike isn't installed it returns:
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
So I created a Procedure to Variable, running the command and writing to the Agent Procedure Log. Now I'm trying to get a report built that'll list all of the machines that do not have the program running.