Scratch
Function Write-Log {
    <#
    .SYNOPSIS
    Writes one event through $MomApi.LogScriptEvent with the script's run time and context.

    .DESCRIPTION
    Maps the requested state to an event id and severity, measures the time elapsed
    since $StartTime, and logs a summary line plus a detail block.
    Reads $MomApi, $StartTime, $ScriptName, $Account, $WorkflowName, $MPName, $MpVersion,
    $PSVersion and $Message from the calling scope; none of them are parameters.
    $Message is written verbatim into the "Script output" field.

    .PARAMETER ScriptState
    "Information", "Warning" or "Error". Any other value matches no branch, so
    $EventId and $EventLevel are not assigned by this function.
    #>
    Param($ScriptState)

    # Severity passed to LogScriptEvent: 0=Info, 1=Error, 2=Warning
    Switch ($ScriptState) {
        "Information" { $EventId = 17623; $EventLevel = 0 }
        "Warning"     { $EventId = 17624; $EventLevel = 2 }
        "Error"       { $EventId = 17625; $EventLevel = 1 }
    }

    # Elapsed run time, taken at the moment of logging
    $TimeCount = New-TimeSpan -Start $StartTime -End (Get-Date)

    $Summary = "$ScriptName executed in $($TimeCount.Minutes)`m $($TimeCount.Seconds)`s $($TimeCount.Milliseconds)`ms"
    $Detail = "`nRunning as: $Account`nWorkflow Name: $WorkflowName`nManagement Pack: $($MPName) $("($MpVersion)")`nPowerShell Version: $PSVersion`nScript output: $Message"

    $MomApi.LogScriptEvent($Summary, $EventId, $EventLevel, $Detail)
}
Function Set-TerminatingError {
    <#
    .SYNOPSIS
    Appends the current error's message to $Message and logs an "Error" event via Write-Log.

    .DESCRIPTION
    Intended to be called from a Catch block. It reads $_ rather than taking the
    error as a parameter.
    NOTE(review): presumably $_ resolves to the caller's error record through scope
    lookup - confirm this holds for every call site.
    #>
    $Failure = $_.Exception.Message

    # Assigning here creates a function-local $Message that Write-Log then reads
    $Message = $Message + ("A terminating error occurred. Error output: (" + $Failure + ").`n")

    Write-Log -ScriptState "Error"
}
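Function Get-LastUpdateCheck {
    <#
    .SYNOPSIS
    Reports, as a MOM.ScriptAPI property bag, whether the LastUpdateCheck registry timestamp is recent.

    .DESCRIPTION
    Reads the LastUpdateCheck value under the Framework registry key, parses it as
    yyyyMMddHHmmss and compares it with a threshold derived from $StartTime.
    The bag carries "Result" (GOOD or BAD) and "Message". A missing value, a value
    that does not parse, or a timestamp older than the threshold all yield BAD, so
    the monitor is given a state instead of receiving no data.
    After the bag is emitted an "Information" event is logged through Write-Log.
    Any terminating error is routed to Set-TerminatingError; on that path only an
    event is logged, and no bag is emitted if the error occurred before the bag
    was returned.

    Reads $MomApi and $StartTime from the calling scope.
    #>
    Try {
        # Reduce the engine version to "major.minor"; Write-Log reads $PSVersion through scope lookup
        $PSVersion = $PSVersionTable.PSVersion
        [string]$PSMajor = $PSVersion.Major
        [string]$PSMinor = $PSVersion.Minor
        $PSVersion = $PSMajor + "." + $PSMinor

        $Bag = $MomApi.CreatePropertyBag()
        $RegKey = "HKLM:\SOFTWARE\WOW6432Node\Network Associates\TVD\Shared Components\Framework"
        $RegValue = "LastUpdateCheck"
        $TimeFormat = 'yyyyMMddHHmmss'

        # NOTE(review): the threshold is 3 minutes, yet the BAD message below reports the age
        # in whole days - confirm this is the intended production value and not a test setting.
        $WarningThreshold = $StartTime.AddMinutes(-3)

        # -ErrorAction Ignore: a missing key yields $null and is handled by the Else branch below
        $GetRegValue = ((Get-ItemProperty -ErrorAction Ignore -Path $RegKey).$RegValue)
        If ($GetRegValue) {
            # Parse with the invariant culture so the digits are always read as a Gregorian date,
            # whatever the regional settings of the account running the workflow.
            # TryParseExact keeps a malformed value out of the Catch path, where no bag is returned.
            $ConvertRegTime = [DateTime]::MinValue
            $Parsed = [DateTime]::TryParseExact([string]$GetRegValue, $TimeFormat,
                [System.Globalization.CultureInfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None, [ref]$ConvertRegTime)

            If (-not $Parsed) {
                # The raw value is deliberately left out of the message
                $Message += "Registry value $RegKey\$RegValue is not in the expected $TimeFormat format."
                $Bag.AddValue("Result", "BAD")
                $Bag.AddValue("Message", $Message)
            }
            ElseIf ($ConvertRegTime -lt $WarningThreshold) {
                # NOTE(review): assumes the registry timestamp is local time, like $StartTime - confirm.
                $FormatConvertRegTime = $ConvertRegTime.ToString("dd/MM/yyyy HH:mm:ss")
                $TimeCount = (New-TimeSpan -Start $ConvertRegTime -End $StartTime)
                $Bag.AddValue("Result", "BAD")
                $Bag.AddValue("Message", "The last security update check was $($TimeCount.Days) days ago on $FormatConvertRegTime.")
            }
            Else {
                # Only older-than-threshold is tested, so a timestamp later than $StartTime also lands here
                $Bag.AddValue("Result", "GOOD")
                $Bag.AddValue("Message", "OK")
            }
        }
        Else {
            $Message += "Registry value missing: $RegKey\$RegValue."
            $Bag.AddValue('Result', 'BAD')
            $Bag.AddValue('Message', $Message)
        }

        $Bag
        # NOTE(review): "FOR TESTING" looks like the remains of a block comment that once disabled
        # the call below; as written the bag is both written to the pipeline above and passed to
        # $MomApi.Return(). Confirm which of the two the workflow expects.
        # FOR TESTING
        $MomApi.Return($Bag)

        # Can add functionality here to set warning state but there is no need in this script.
        $ScriptState = "Information"
        Write-Log -ScriptState $ScriptState
    }
    Catch {
        Set-TerminatingError
    }
}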
# Script-wide values; the functions above read them through scope lookup
$MomApi       = New-Object -ComObject 'MOM.ScriptAPI'
$ScriptName   = 'LastUpdateCheck.ps1'
# Identity the script runs under; Write-Log records it in each event as "Running as"
$Account      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$WorkflowName = 'Trellix.Monitor.LastUpdateCheck'
$MPName       = 'Trellix.Monitoring'
$MpVersion    = '2023.5.16.4'

# Reference time for both the staleness threshold and the elapsed-time figure in the log
[DateTime]$StartTime = Get-Date

Get-LastUpdateCheck