detection script

 # Detection Script for Visio Usage (System Context)

# Triggers remediation only if Visio is installed AND last use was > $daysThreshold days.

# Otherwise returns compliant (exit 0).

$daysThreshold = 90

$prefetchPath = Join-Path $env:SystemRoot 'Prefetch'

# Common C2R paths for Visio

$visioExePaths = @(

    "$env:ProgramFiles\Microsoft Office\root\Office16\VISIO.EXE",

    "${env:ProgramFiles(x86)}\Microsoft Office\root\Office16\VISIO.EXE"

)

# --- Detect if Visio is installed ---

$visioInstalled = $false

foreach ($path in $visioExePaths) {

    if (Test-Path -LiteralPath $path) {

        $visioInstalled = $true

        break

    }

}

if (-not $visioInstalled) {

    # As requested: if Visio is NOT installed, treat as compliant (no remediation needed)

    Write-Output "Compliant: Visio is not installed on this device — nothing to remediate."

    

}

# --- Visio installed: check Prefetch for usage evidence ---

# Prefetch may be disabled or cleaned; handle safely

try {

    $prefetchFiles = Get-ChildItem -Path $prefetchPath -Filter "VISIO.EXE-*.pf" -ErrorAction Stop

} catch {

    $prefetchFiles = $null

}

if (-not $prefetchFiles) {

    # As requested: if no PF file, treat as compliant (do not trigger remediation)

    Write-Output "Compliant: Visio installed but Prefetch (.pf) file not found — cannot determine last use; skipping remediation."

    

}

# Find the most recent usage timestamp from Prefetch

$lastRunTime = ($prefetchFiles | Sort-Object LastWriteTime -Descending | Select-Object -First 1).LastWriteTime

$daysSinceLastRun = [int](New-TimeSpan -Start $lastRunTime -End (Get-Date)).TotalDays

if ($daysSinceLastRun -le $daysThreshold) {

    Write-Output "Compliant: Visio installed and used within $daysSinceLastRun day(s) (threshold $daysThreshold)."

    exit 0

} else {

    Write-Output "Non-Compliant: Visio installed but last use was $daysSinceLastRun day(s) ago (> $daysThreshold). Trigger remediation."

    exit 1

}