I wanted to retreive the Windows Defender signature version and the date it was last updated. I can retrieve this via a registry scan. The update date is in binary format so this is pretty useless in this form. Is there a way to return a value via powershell, for instance via this command:
[datetime]::FromFileTime([BitConverter]::ToInt64((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates').SignaturesLastUpdated,0))
and put this in a custom field or variable, or some other place so that I can build a collection with it?
Please sign in to leave a comment.