dfirhub

Antivirus

Compoundv1.5

Author: Andrew Rathbun

description

Antivirus

includes (29)

+ 8 more targets

paths

109 pathsfrom 29 targets
paths use Windows environment syntax

collection commands 

# PowerShell Artifact Collection Script
# Target: Antivirus
# Run as Administrator

#Requires -RunAsAdministrator

$ErrorActionPreference = "Continue"
$SourceRoot = "C:"
$DestBase   = "D:\Evidence"
$Summary = @{ Copied = 0; Missed = 0; Errors = 0 }

function Collect-Artifact {
    param(
        [Parameter(Mandatory)][string]$SourceDir,
        [Parameter(Mandatory)][string]$FolderName,
        [string]$FileMask = "*"
    )
    # Expand wildcards in any path segment (e.g. 'Program Files*',
    # 'ScreenConnect Client*'). robocopy itself does not glob the source.
    $sources = @(Get-Item -Path $SourceDir -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer })
    if ($sources.Count -eq 0) {
        $Summary.Missed++
        return
    }
    $FullDest = Join-Path -Path $DestBase -ChildPath $FolderName
    $null = New-Item -ItemType Directory -Force -Path $FullDest -ErrorAction SilentlyContinue
    foreach ($src in $sources) {
        robocopy $src.FullName "$FullDest" "$FileMask" /E /COPY:DAT /R:0 /W:0 /NP /NFL /NDL /NJH /NJS 2>$null | Out-Null
        if ($LASTEXITCODE -le 7) { $Summary.Copied++ } else { $Summary.Errors++ }
    }
}

# 1. Avast AV Logs (XP)
Collect-Artifact -SourceDir "C:\Documents And Settings\All Users\Application Data\Avast Software\Avast\Log" -FolderName "Avast_AV_Logs_XP"

# 2. Avast AV Logs
Collect-Artifact -SourceDir "C:\ProgramData\Avast Software\Avast\Log" -FolderName "Avast_AV_Logs"

# 3. Avast AV Index
Collect-Artifact -SourceDir "C:\ProgramData\Avast Software\Avast\Chest" -FileMask "index.xml" -FolderName "Avast_AV_Index"

# 4. Avast Persistent Data Logs
Collect-Artifact -SourceDir "C:\ProgramData\Avast Software\Persistent Data\Avast\Logs" -FolderName "Avast_Persistent_Data_Logs"

# 5. Avast Icarus Logs
Collect-Artifact -SourceDir "C:\ProgramData\Avast Software\Icarus\Logs" -FolderName "Avast_Icarus_Logs"

# 6. AVG AV Logs (XP)
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\AVG\Antivirus\log" -FolderName "AVG_AV_Logs_XP"

# 7. AVG AV Report Logs (XP)
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\AVG\Antivirus\report" -FolderName "AVG_AV_Report_Logs_XP"

# 8. AVG AV Logs
Collect-Artifact -SourceDir "C:\ProgramData\AVG\Antivirus\log" -FolderName "AVG_AV_Logs"

# 9. AVG Report Logs
Collect-Artifact -SourceDir "C:\ProgramData\AVG\Antivirus\report" -FolderName "AVG_Report_Logs"

# 10. AVG Persistent Logs
Collect-Artifact -SourceDir "C:\ProgramData\AVG\Persistent Data\Antivirus\Logs" -FolderName "AVG_Persistent_Logs"

# 11. AVG FileInfo DB
Collect-Artifact -SourceDir "C:\ProgramData\AVG\Antivirus" -FileMask "FileInfo2.db" -FolderName "AVG_FileInfo_DB"

# 12. AVG lsdbj2 JSON
Collect-Artifact -SourceDir "C:\ProgramData\AVG\Antivirus" -FileMask "lsdb2.json" -FolderName "AVG_lsdbj2_JSON"

# 13. Avira Activity Logs
Collect-Artifact -SourceDir "C:\ProgramData\Avira\Antivirus\LOGFILES" -FolderName "Avira_Activity_Logs"

# 14. Avira Security Logs
Collect-Artifact -SourceDir "C:\ProgramData\Avira\Security\Logs" -FolderName "Avira_Security_Logs"

# 15. Avira VPN Logs
Collect-Artifact -SourceDir "C:\ProgramData\Avira\VPN" -FolderName "Avira_VPN_Logs"

# 16. Bitdefender Endpoint Security Logs
Collect-Artifact -SourceDir "C:\ProgramData\Bitdefender\Endpoint Security\Logs" -FolderName "Bitdefender_Endpoint_Security_Logs"

# 17. Bitdefender Internet Security Logs
Collect-Artifact -SourceDir "C:\ProgramData\Bitdefender\Desktop\Profiles\Logs" -FolderName "Bitdefender_Internet_Security_Logs"

# 18. Bitdefender SQLite DB Files
Collect-Artifact -SourceDir "C:\Program Files*\Bitdefender*" -FileMask "regex:*.+\.(db|db-wal|db-shm)" -FolderName "Bitdefender_SQLite_DB_Files"

# 19. ComboFix
Collect-Artifact -SourceDir "C:" -FileMask "ComboFix.txt" -FolderName "ComboFix"

# 20. CrowdStrike Falcon Quarantined File
Collect-Artifact -SourceDir "C:\Windows\System32\Drivers\CrowdStrike\Quarantine" -FolderName "CrowdStrike_Falcon_Quarantined_File"

# 21. Cybereason Anti-Ransomware Logs
Collect-Artifact -SourceDir "C:\ProgramData\crs1\Logs" -FolderName "Cybereason_Anti_Ransomware_Logs"

# 22. Cybereason Sensor Communications and Anti-Malware Logs
Collect-Artifact -SourceDir "C:\ProgramData\apv2\Logs" -FolderName "Cybereason_Sensor_Communications_and_Anti_Malware_Logs"

# 23. Cybereason Application Control and NGAV Logs
Collect-Artifact -SourceDir "C:\ProgramData\crb1\Logs" -FolderName "Cybereason_Application_Control_and_NGAV_Logs"

# 24. Cylance ProgramData Logs
Collect-Artifact -SourceDir "C:\ProgramData\Cylance\Desktop" -FolderName "Cylance_ProgramData_Logs"

# 25. Cylance Optics Logs
Collect-Artifact -SourceDir "C:\ProgramData\Cylance\Optics\Log" -FolderName "Cylance_Optics_Logs"

# 26. Cylance Program Files Logs
Collect-Artifact -SourceDir "C:\Program Files\Cylance\Desktop\log" -FolderName "Cylance_Program_Files_Logs"

# 27. Elastic Defend Logs
Collect-Artifact -SourceDir "C:\Program Files\Elastic\Endpoint\state\log" -FileMask "*.log" -FolderName "Elastic_Defend_Logs"

# 28. Elastic Defend Quarantine
Collect-Artifact -SourceDir "C:\.equarantine" -FileMask "*" -FolderName "Elastic_Defend_Quarantine"

# 29. Elastic Defend Quarantine
Collect-Artifact -SourceDir "C:\Program Files\Elastic\Endpoint\state\.equarantine" -FileMask "*" -FolderName "Elastic_Defend_Quarantine"

# 30. Emsisoft Scan Logs
Collect-Artifact -SourceDir "C:\ProgramData\Emsisoft\Reports" -FileMask "scan*.txt" -FolderName "Emsisoft_Scan_Logs"

# 31. ESET NOD32 AV Logs (XP)
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs" -FolderName "ESET_NOD32_AV_Logs_XP"

# 32. ESET NOD32 AV Logs
Collect-Artifact -SourceDir "C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs" -FolderName "ESET_NOD32_AV_Logs"

# 33. ESET NOD32 AV Logs
Collect-Artifact -SourceDir "C:\ProgramData\ESET\ESET Security\Logs" -FolderName "ESET_NOD32_AV_Logs"

# 34. ESET Remote Administrator Logs
Collect-Artifact -SourceDir "C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs" -FolderName "ESET_Remote_Administrator_Logs"

# 35. SYSTEM user quarantine
Collect-Artifact -SourceDir "C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine" -FolderName "SYSTEM_user_quarantine"

# 36. F-Secure Logs
Collect-Artifact -SourceDir "C:\ProgramData\F-Secure\Log" -FolderName "F_Secure_Logs"

# 37. F-Secure Scheduled Scan Reports
Collect-Artifact -SourceDir "C:\ProgramData\F-Secure\Antivirus\ScheduledScanReports" -FolderName "F_Secure_Scheduled_Scan_Reports"

# 38. HitmanPro Logs
Collect-Artifact -SourceDir "C:\ProgramData\HitmanPro\Logs" -FolderName "HitmanPro_Logs"

# 39. HitmanPro Alert Logs
Collect-Artifact -SourceDir "C:\ProgramData\HitmanPro.Alert\Logs" -FolderName "HitmanPro_Alert_Logs"

# 40. HitmanPro Database
Collect-Artifact -SourceDir "C:\ProgramData\HitmanPro.Alert" -FileMask "excalibur.db" -FolderName "HitmanPro_Database"

# 41. HitmanPro Quarantine
Collect-Artifact -SourceDir "C:\ProgramData\HitmanPro\Quarantine" -FolderName "HitmanPro_Quarantine"

# 42. MalwareBytes Anti-Malware Logs
Collect-Artifact -SourceDir "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs" -FileMask "mbam-log-*.xml" -FolderName "MalwareBytes_Anti_Malware_Logs"

# 43. MalwareBytes Anti-Malware Service Logs
Collect-Artifact -SourceDir "C:\ProgramData\Malwarebytes\MBAMService\logs" -FileMask "mbamservice.log*" -FolderName "MalwareBytes_Anti_Malware_Service_Logs"

# 44. MalwareBytes Anti-Malware Scan Results Logs
Collect-Artifact -SourceDir "C:\ProgramData\Malwarebytes\MBAMService\ScanResults" -FolderName "MalwareBytes_Anti_Malware_Scan_Results_Logs"

# 45. McAfee Desktop Protection Logs XP
Collect-Artifact -SourceDir "C:\Users\All Users\Application Data\McAfee\DesktopProtection" -FolderName "McAfee_Desktop_Protection_Logs_XP"

# 46. McAfee Desktop Protection Logs
Collect-Artifact -SourceDir "C:\ProgramData\McAfee\DesktopProtection" -FolderName "McAfee_Desktop_Protection_Logs"

# 47. McAfee Endpoint Security Logs
Collect-Artifact -SourceDir "C:\ProgramData\McAfee\Endpoint Security\Logs" -FolderName "McAfee_Endpoint_Security_Logs"

# 48. McAfee Endpoint Security Logs
Collect-Artifact -SourceDir "C:\ProgramData\McAfee\Endpoint Security\Logs_Old" -FolderName "McAfee_Endpoint_Security_Logs"

# 49. McAfee VirusScan Logs
Collect-Artifact -SourceDir "C:\ProgramData\Mcafee\VirusScan" -FolderName "McAfee_VirusScan_Logs"

# 50. McAfee MSC Logs
Collect-Artifact -SourceDir "C:\ProgramData\Mcafee\MSC\Logs" -FolderName "McAfee_MSC_Logs"

# 51. McAfee Agent Events
Collect-Artifact -SourceDir "C:\ProgramData\Mcafee\Agent\AgentEvents" -FolderName "McAfee_Agent_Events"

# 52. McAfee Agent Logs
Collect-Artifact -SourceDir "C:\ProgramData\Mcafee\Agent\logs" -FolderName "McAfee_Agent_Logs"

# 53. McAfee Data Reputation Logs
Collect-Artifact -SourceDir "C:\ProgramData\Mcafee\datareputation\Logs" -FolderName "McAfee_Data_Reputation_Logs"

# 54. McAfee Managed VirusScan
Collect-Artifact -SourceDir "C:\ProgramData\Mcafee\Managed\VirusScan\Logs" -FolderName "McAfee_Managed_VirusScan"

# 55. McAfee Agent Events XP
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\AgentEvents" -FolderName "McAfee_Agent_Events_XP"

# 56. McAfee MC Logs XP
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\SAE" -FolderName "McAfee_MC_Logs_XP"

# 57. McAfee Data Reputation Logs XP
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\McAfee\datreputation\Logs" -FolderName "McAfee_Data_Reputation_Logs_XP"

# 58. McAfee Managed VirusScan Logs XP
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\McAfee\Managed\VirusScan\Logs" -FolderName "McAfee_Managed_VirusScan_Logs_XP"

# 59. McAfee WCF Service Logs
Collect-Artifact -SourceDir "C:\Program Files (x86)\McAfee\DLP\WCF Service\Log" -FolderName "McAfee_WCF_Service_Logs"

# 60. McAfee ePO Logs
Collect-Artifact -SourceDir "C:\ProgramData\McAfee\Endpoint Security\Logs" -FolderName "McAfee_ePO_Logs"

# 61. McAfee ePO Apache Logs
Collect-Artifact -SourceDir "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\Logs" -FolderName "McAfee_ePO_Apache_Logs"

# 62. McAfee ePO DB Events
Collect-Artifact -SourceDir "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Events" -FolderName "McAfee_ePO_DB_Events"

# 63. McAfee ePO DB Debug Events
Collect-Artifact -SourceDir "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Events\Debug" -FolderName "McAfee_ePO_DB_Debug_Events"

# 64. McAfee ePO Server Logs
Collect-Artifact -SourceDir "C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\Logs" -FolderName "McAfee_ePO_Server_Logs"

# 65. Windows Safety Scanner Logs
Collect-Artifact -SourceDir "C:\Windows\Debug" -FileMask "msert.log" -FolderName "Windows_Safety_Scanner_Logs"

# 66. RogueKiller Reports
Collect-Artifact -SourceDir "C:\ProgramData\RogueKiller\logs" -FileMask "AdliceReport_*.json" -FolderName "RogueKiller_Reports"

# 67. SecureAge Antvirus Logs
Collect-Artifact -SourceDir "C:\ProgramData\SecureAge Technology\SecureAge\log" -FolderName "SecureAge_Antvirus_Logs"

# 68. SentinelOne EDR Log
Collect-Artifact -SourceDir "C:\programdata\sentinel\logs" -FolderName "SentinelOne_EDR_Log"

# 69. Sophos Logs (XP)
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos *\Logs" -FolderName "Sophos_Logs_XP"

# 70. Sophos Logs
Collect-Artifact -SourceDir "C:\ProgramData\Sophos\*\Logs" -FolderName "Sophos_Logs"

# 71. Sophos Logs
Collect-Artifact -SourceDir "C:\ProgramData\Sophos\Logs" -FolderName "Sophos_Logs"

# 72. Application Event Log XP
Collect-Artifact -SourceDir "C:\Windows\System32\config" -FileMask "AppEvent.evt" -FolderName "Application_Event_Log_XP"

# 73. Application Event Log XP
Collect-Artifact -SourceDir "C:\Windows.old\Windows\System32\config" -FileMask "AppEvent.evt" -FolderName "Application_Event_Log_XP"

# 74. Application Event Log Win7+
Collect-Artifact -SourceDir "C:\Windows\System32\winevt\logs" -FileMask "application.evtx" -FolderName "Application_Event_Log_Win7"

# 75. Application Event Log Win7+
Collect-Artifact -SourceDir "C:\Windows.old\Windows\System32\winevt\logs" -FileMask "application.evtx" -FolderName "Application_Event_Log_Win7"

# 76. Symantec Endpoint Protection Logs (XP)
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs\AV" -FolderName "Symantec_Endpoint_Protection_Logs_XP"

# 77. Symantec Endpoint Protection Logs
Collect-Artifact -SourceDir "C:\ProgramData\Symantec\Symantec Endpoint Protection\*\Data\Logs" -FolderName "Symantec_Endpoint_Protection_Logs"

# 78. Symantec Event Log Win7+
Collect-Artifact -SourceDir "C:\Windows\System32\winevt\logs" -FileMask "Symantec Endpoint Protection Client.evtx" -FolderName "Symantec_Event_Log_Win7"

# 79. Symantec Event Log Win7+
Collect-Artifact -SourceDir "C:\Windows.old\Windows\System32\winevt\logs" -FileMask "Symantec Endpoint Protection Client.evtx" -FolderName "Symantec_Event_Log_Win7"

# 80. Symantec Endpoint Protection Quarantine (XP)
Collect-Artifact -SourceDir "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine" -FolderName "Symantec_Endpoint_Protection_Quarantine_XP"

# 81. Symantec Endpoint Protection Quarantine
Collect-Artifact -SourceDir "C:\ProgramData\Symantec\Symantec Endpoint Protection\*\Data\Quarantine" -FolderName "Symantec_Endpoint_Protection_Quarantine"

# 82. ccSubSDK Database
Collect-Artifact -SourceDir "C:\ProgramData\Symantec\Symantec Endpoint Protection\*\Data\CmnClnt\ccSubSDK" -FolderName "ccSubSDK_Database"

# 83. registrationInfo.xml
Collect-Artifact -SourceDir "C:\ProgramData\Symantec\Symantec Endpoint Protection\*\Data" -FileMask "registrationInfo.xml" -FolderName "registrationInfo_xml"

# 84. TotalAV Logs
Collect-Artifact -SourceDir "C:\Program Files*\TotalAV\logs" -FolderName "TotalAV_Logs"

# 85. TotalAV Logs
Collect-Artifact -SourceDir "C:\ProgramData\TotalAV\logs" -FolderName "TotalAV_Logs"

# 86. Trend Micro Logs
Collect-Artifact -SourceDir "C:\ProgramData\Trend Micro" -FolderName "Trend_Micro_Logs"

# 87. Trend Micro Security Agent Report Logs
Collect-Artifact -SourceDir "C:\Program Files*\Trend Micro\Security Agent\Report" -FileMask "*.log" -FolderName "Trend_Micro_Security_Agent_Report_Logs"

# 88. Trend Micro Security Agent Connection Logs
Collect-Artifact -SourceDir "C:\Program Files*\Trend Micro\Security Agent\ConnLog" -FileMask "*.log" -FolderName "Trend_Micro_Security_Agent_Connection_Logs"

# 89. Trend Micro Quarantine
Collect-Artifact -SourceDir "C:\Program Files*\Trend Micro\*\Quarantine" -FileMask "*" -FolderName "Trend_Micro_Quarantine"

# 90. VIPRE Business Agent Logs
Collect-Artifact -SourceDir "C:\ProgramData\VIPRE Business Agent\Logs" -FolderName "VIPRE_Business_Agent_Logs"

# 91. Webroot Program Data
Collect-Artifact -SourceDir "C:\ProgramData\WRData" -FileMask "WRLog.log" -FolderName "Webroot_Program_Data"

# 92. Windows Defender Logs
Collect-Artifact -SourceDir "C:\ProgramData\Microsoft\Microsoft AntiMalware\Support" -FolderName "Windows_Defender_Logs"

# 93. Windows Defender Event Logs
Collect-Artifact -SourceDir "C:\Windows\System32\winevt\Logs" -FileMask "Microsoft-Windows-Windows Defender*.evtx" -FolderName "Windows_Defender_Event_Logs"

# 94. Windows Defender Event Logs
Collect-Artifact -SourceDir "C:\Windows.old\Windows\System32\winevt\Logs" -FileMask "Microsoft-Windows-Windows Defender*.evtx" -FolderName "Windows_Defender_Event_Logs"

# 95. Windows Defender Logs
Collect-Artifact -SourceDir "C:\ProgramData\Microsoft\Windows Defender\Support" -FolderName "Windows_Defender_Logs"

# 96. Windows Defender Logs
Collect-Artifact -SourceDir "C:\Windows\Temp" -FileMask "MpCmdRun.log" -FolderName "Windows_Defender_Logs"

# 97. Windows Defender Logs
Collect-Artifact -SourceDir "C:\Windows.old\Windows\Temp" -FileMask "MpCmdRun.log" -FolderName "Windows_Defender_Logs"

# 98. DetectionHistory
Collect-Artifact -SourceDir "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*" -FolderName "DetectionHistory"

# 99. Windows Defender Quarantine
Collect-Artifact -SourceDir "C:\ProgramData\Microsoft\Windows Defender\Quarantine" -FolderName "Windows_Defender_Quarantine"

# 100. Windows Defender Detections.log
Collect-Artifact -SourceDir "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" -FileMask "Detections.log" -FolderName "Windows_Defender_Detections_log"

# Iterate every user profile under the source drive
Get-ChildItem "$SourceRoot\Users" -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -notin @('All Users', 'Default', 'Default User', 'Public') } |
    ForEach-Object {
        $UserName = $_.Name
        # Avast AV User Logs
        $UserPath = "$($_.FullName)\Avast Software\Avast\Log"
        Collect-Artifact -SourceDir $UserPath -FolderName "Avast_AV_User_Logs_$UserName"
        # Local User Quarantine
        $UserPath = "$($_.FullName)\AppData\Local\ESET\ESET Security\Quarantine"
        Collect-Artifact -SourceDir $UserPath -FolderName "Local_User_Quarantine_$UserName"
        # F-Secure User Logs
        $UserPath = "$($_.FullName)\AppData\Local\F-Secure\Log"
        Collect-Artifact -SourceDir $UserPath -FolderName "F_Secure_User_Logs_$UserName"
        # MalwareBytes Anti-Malware Scan Logs
        $UserPath = "$($_.FullName)\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware\Logs"
        Collect-Artifact -SourceDir $UserPath -FolderName "MalwareBytes_Anti_Malware_Scan_Logs_$UserName"
        # SUPERAntiSpyware Logs
        $UserPath = "$($_.FullName)\AppData\Roaming\SUPERAntiSpyware\Logs"
        Collect-Artifact -SourceDir $UserPath -FolderName "SUPERAntiSpyware_Logs_$UserName"
        # Symantec Endpoint Protection User Logs
        $UserPath = "$($_.FullName)\AppData\Local\Symantec\Symantec Endpoint Protection\Logs"
        Collect-Artifact -SourceDir $UserPath -FolderName "Symantec_Endpoint_Protection_User_Logs_$UserName"
        # VIPRE Business User Logs (v7+)
        $UserPath = "$($_.FullName)\AppData\Roaming\VIPRE Business"
        Collect-Artifact -SourceDir $UserPath -FolderName "VIPRE_Business_User_Logs_v7_$UserName"
        # VIPRE Business User Logs (v5-v6)
        $UserPath = "$($_.FullName)\AppData\Roaming\GFI Software\AntiMalware\Logs"
        Collect-Artifact -SourceDir $UserPath -FolderName "VIPRE_Business_User_Logs_v5_v6_$UserName"
        # VIPRE Business User Logs (up to v4)
        $UserPath = "$($_.FullName)\AppData\Roaming\Sunbelt Software\AntiMalware\Logs"
        Collect-Artifact -SourceDir $UserPath -FolderName "VIPRE_Business_User_Logs_up_to_v4_$UserName"
    }

Write-Host ("Collection complete. Copied: {0}  Missed: {1}  Errors: {2}" -f $Summary.Copied, $Summary.Missed, $Summary.Errors) -ForegroundColor Green

Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1

Note: This is a compound target that references 28 other targets. The KAPE command resolves them natively; the PowerShell/Batch/WSL scripts flatten every referenced path into explicit copy commands.

notes

For those looking to contribute to this list, check here for ideas: https://en.wikipedia.org/wiki/Comparison_of_antivirus_software.

Install one of the applications not covered above and find where useful information is stored. If useful information can be located, make an individual Target for it and place in the appropriate folder. Then, include that Target in the appropriate Compound Target.