
The term 'Get-MpComputerStatus' is not recognized as

Posted: Mon Jul 24, 2023 3:23 am
by GxSkill
Hi

I want to know the status of my antivirus 'Defender' on my 2012 and 2016 servers. But the command doesn't seem to be recognized by Nagios.
I don't have this problem on the 2019 server, and the Defender status is 'OK.'
The status is 'critical' for the 2012 and 2016 servers with the following message:

"Get-MpComputerStatus : The term 'Get-MpComputerStatus' is not recognized as
the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\\Program Files (x86)\\Nagios\\NCPA\\plugins\\check_defender.ps1:8 char:88
+ ... e Windefend).Status -eq "Running" -and $(Get-MpComputerStatus).RealTi ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MpComputerStatus:String) []
, CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

"Get-MpThreatDetection : The term 'Get-MpThreatDetection' is not recognized as
the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\\Program Files (x86)\\Nagios\\NCPA\\plugins\\check_defender.ps1:15 char:13
+ if ([bool] (Get-MpThreatDetection) -eq $True){
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MpThreatDetection:String) [
], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Get-MpComputerStatus : The term 'Get-MpComputerStatus' is not recognized as
the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\\Program Files (x86)\\Nagios\\NCPA\\plugins\\check_defender.ps1:19 char:13
+ if ([bool]((Get-MpComputerStatus).AntivirusSignatureLastUpdated -lt ( ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MpComputerStatus:String) []
, CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

CRITICAL - Microsoft Defender is not running or the real-time protection was disabled"

The PowerShell script is stored locally on the servers (2012, 2016, 2019), and Nagios fetches it.
When I run the script directly while connected to the servers (2012, 2016, 2019), it works.
However, the 'Get-MpComputerStatus' and 'Get-MpThreatDetection' commands don't seem to be understood by Nagios on the servers (2012, 2016)

Can you help me, please?

Thanks

Re: The term 'Get-MpComputerStatus' is not recognized as

Posted: Mon Aug 14, 2023 3:09 pm
by bbahn
Hello,

It seems that the Get-MpComputerStatus and Get-MpThreatDetection cmdlets, which are part of the Defender module for PowerShell, are not being recognized when executed through Nagios on your 2012 and 2016 servers.


To diagnose the issue, I would check the following:
  • Execution Context: The context or the user account from which Nagios is executing the PowerShell script may not have the same environment or access to the same modules as when you run the script directly.
  • PowerShell Version: Windows Server 2012 and 2016 might be running an older version of PowerShell, whereas 2019 might be running a newer version that includes the Defender cmdlets by default.

I would start by checking the PowerShell versions with

Code:

$PSVersionTable.PSVersion

Then try either running the script locally without administrator privileges or remotely with administrator privileges to determine if the issue is related to admin privileges.

If the issue is related to the execution context, you may be able to get it to run properly using `RunAs`, `-NoProfile` or `-ExecutionPolicy`.

Re: The term 'Get-MpComputerStatus' is not recognized as

Posted: Fri Sep 22, 2023 3:28 am
by GxSkill
Hello,

Thanks for your answer

I found the solution:

I had to go to this folder: C:\Program Files (x86)\Nagios\NCPA\etc and modify "ncpa.cfg"

I changed these lines:

"#.ps1 = c:\windows\sysnative\windowspowershell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -File $plugin_name $plugin_args"

".ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args"

and just inverted them:

".ps1 = c:\windows\sysnative\windowspowershell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -File $plugin_name $plugin_args"

"#.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args"

just because of this "#"

After that, you have to restart the ncpa listener (services) and it will work.
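
Added example, not part of the post above and not the original check_defender.ps1: a guard that a Defender check plugin can run first, so that a missing cmdlet is reported as UNKNOWN instead of a false CRITICAL. It assumes, as the `sysnative` fix suggests, that the agent is a 32-bit process launching 32-bit PowerShell, and it uses the standard Nagios exit codes; the output messages other than the CRITICAL text are made up for illustration.

```powershell
# Added example (assumption: the plugin is started by a 32-bit agent on a 64-bit OS).
# Nagios plugin exit codes: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN.

$is32on64 = [Environment]::Is64BitOperatingSystem -and
            -not [Environment]::Is64BitProcess

if ($is32on64) {
    # From a 32-bit process, "sysnative" is the alias for the real 64-bit System32.
    $ps64 = Join-Path $env:windir 'sysnative\WindowsPowerShell\v1.0\powershell.exe'
    if (Test-Path $ps64) {
        # Re-run this same script in 64-bit PowerShell and hand back its exit code.
        & $ps64 -NoProfile -File $PSCommandPath @args
        exit $LASTEXITCODE
    }
}

# Verify the Defender cmdlets resolve in this host before trusting any result.
$missing = @('Get-MpComputerStatus', 'Get-MpThreatDetection') |
    Where-Object { -not (Get-Command $_ -ErrorAction SilentlyContinue) }

if ($missing) {
    # The check could not run at all: that is UNKNOWN, not "Defender is off".
    Write-Output ("UNKNOWN - cmdlets not available: {0} (64-bit process: {1})" -f `
        ($missing -join ', '), [Environment]::Is64BitProcess)
    exit 3
}

$service = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
$status  = Get-MpComputerStatus

if (-not $service -or $service.Status -ne 'Running' -or
    -not $status.RealTimeProtectionEnabled) {
    Write-Output 'CRITICAL - Microsoft Defender is not running or the real-time protection was disabled'
    exit 2
}

Write-Output 'OK - Microsoft Defender is running with real-time protection enabled'
exit 0
```

With this guard, a host where the agent cannot load the Defender module shows up as UNKNOWN with the process bitness in the message, which separates a monitoring fault from an actual protection outage.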

Re: The term 'Get-MpComputerStatus' is not recognized as

Posted: Fri Oct 20, 2023 10:24 pm
by zeldaou
The term 'Get-MpComputerStatus' is not recognized as a command, and it seems to be related to PowerShell or Windows management. This error typically occurs when attempting to use a PowerShell cmdlet or command that is not recognized by the system.

Re: The term 'Get-MpComputerStatus' is not recognized as

Posted: Tue Oct 31, 2023 4:12 am
by SageKilback
That's why no matter how many times I fix it, I still can't find the error, because it's wrong right from the Get-MpComputerStatus statement; if anyone doesn't know, this is not a command.

Re: The term 'Get-MpComputerStatus' is not recognized as

Posted: Wed Nov 01, 2023 9:53 am
by jsimon
Hi GxSkill, it looks like your issue has been resolved. I'm going to go ahead and lock this thread.