Endpoint Protection

  • 1.  Help finding "Endpoint status = Disabled" in SEP database

    Posted Apr 21, 2016 03:42 PM

    Hello all

    I am trying to find out which table and which rows apply to the view in the SEP management console that relates to the small "Endpoint Status" window, specifically which computers have a status of Disabled...

    I have tried to search myself but am coming up short, and I am not seeing much correlation between the database rows and the report from the management console.

    Below is the window I am referring to.

     

    Please if anyone could point me in the general direction it would be greatly appreciated!

     

    status disabled.png



  • 2.  RE: Help finding "Endpoint status = Disabled" in SEP database

    Posted Apr 21, 2016 03:44 PM
    Have you looked at the computer status log? You can export to CSV and drop into Excel. From there you can filter on the columns which show exactly which component is disabled.


  • 3.  RE: Help finding "Endpoint status = Disabled" in SEP database

    Posted Apr 21, 2016 03:52 PM

    I haven't looked at the computer status log.. is that something I can pull from the SEP database? I am trying to automate some tasks based on the 'Disabled' computers from the above screenshot.



  • 4.  RE: Help finding "Endpoint status = Disabled" in SEP database

    Posted Apr 21, 2016 03:56 PM
    It needs to be run from the SEPM. You can go thru the DB schema to pull specific http://www.symantec.com/docs/DOC8633


  • 5.  RE: Help finding "Endpoint status = Disabled" in SEP database

    Posted Apr 22, 2016 05:01 AM

    Here you go :) I remember it took me some time to figure this one out.

    -- LAST_UPDATE_TIME is stored as epoch milliseconds; the outer DATEADD(hh, 1, ...) applies a fixed +1 hour offset.
    SELECT CMP.COMPUTER_NAME,
           CMP.OPERATION_SYSTEM,
           AGT.AGENT_VERSION,
           DATEADD(hh, 1, DATEADD(S, CONVERT(BIGINT, AGT.LAST_UPDATE_TIME) / 1000, CONVERT(DATETIME, '1-1-1970 00:00:00'))) AS LASTCHECKIN,
           CASE WHEN (AP_ONOFF NOT LIKE '1') THEN 'Malfunctioning' ELSE 'OK' END AS AntivirusEngine,
           CASE WHEN (PTP_ONOFF LIKE '4' OR PTP_ONOFF LIKE '127') THEN 'Malfunctioning' ELSE 'OK' END AS SONAR,
           CASE WHEN (CIDS_DRV_ONOFF LIKE '4' OR CIDS_DRV_ONOFF LIKE '127') THEN 'Malfunctioning' ELSE 'OK' END AS [Network IPS]
      FROM DBO.[SEM_AGENT] AS AGT
      JOIN DBO.SEM_COMPUTER AS CMP ON CMP.COMPUTER_ID = AGT.COMPUTER_ID
     -- Return only agents where at least one protection component is flagged
     WHERE (CIDS_DRV_ONOFF LIKE '4' OR CIDS_DRV_ONOFF LIKE '127')
        OR (AP_ONOFF NOT LIKE '1')
        OR (PTP_ONOFF LIKE '4' OR PTP_ONOFF LIKE '127')
     ORDER BY PTP_ONOFF

     

    Torb