Endpoint Protection

  • 1.  Invalid XML in SEP notification alert

    Posted Nov 02, 2014 01:06 AM

    When calling a batch file for a custom notification, the "File Path" is invalid as an XML attribute

    <Risk Name='EICAR Test String' File Path='C:\Users\john.doe\AppData\Local\Temp\NLJ4MYz4.com.part'  . . .  ActualAction='3' />

     

    Can this XML template be modified somewhere or is this fixed after v12.1?



  • 2.  RE: Invalid XML in SEP notification alert

    Posted Nov 02, 2014 02:42 AM
    The resulting XML is fixed. What's your requirement here?


  • 3.  RE: Invalid XML in SEP notification alert

    Posted Nov 02, 2014 07:54 AM
    Exact version of 12.1 you're using is?


  • 4.  RE: Invalid XML in SEP notification alert

    Posted Nov 02, 2014 08:44 AM

    My requirement is valid XML (though it would be nice to see an ISO 8601 date format as well so that we get simpler parsing and a time zone specifier).

    The space between "File" and "Path" in "File Path" makes this an invalid XML document.  It treats both "File" and "Path" as attributes.

    Exact version is 12.1.4104.4130

    This is the current output:

    <Risk Name='EICAR Test String' File Path='C:\Temp\NLJ4MYz4.com.part' EventDateTime='Nov 2, 2014 4:22:06 AM' EventInsertTime='Nov 2, 2014 4:23:36 AM' Source='Real Time Scan' Description='""' User='joe.blow' Computer='abc-123' IPAddress='1.1.1.1' Domain='montpelierre.net' Server='SEP.xyztr.com' ClientGroup='My Company\Laptops' ActualAction='3' />

    XML Parsing Error: not well-formed
    Location: file:///C:/temp/x.xml
    Line Number 1, Column 37:

     

    This would make it valid XML:

    <Risk Name='EICAR Test String' FilePath='C:\Temp\NLJ4MYz4.com.part' EventDateTime='Nov 2, 2014 4:22:06 AM' EventInsertTime='Nov 2, 2014 4:23:36 AM' Source='Real Time Scan' Description='""' User='joe.blow' Computer='abc-123' IPAddress='1.1.1.1' Domain='montpelierre.net' Server='SEP.xyztr.com' ClientGroup='My Company\Laptops' ActualAction='3' />

     

     



  • 5.  RE: Invalid XML in SEP notification alert

    Posted Nov 03, 2014 12:26 PM

    Are there any code snippets/examples available online demonstrating how to get this XML data into PowerShell?

    I've had to use a multi-step process of:

    1. SEPM notification calls batch file
    2. Batch file saves malformed XML to a temp file and then calls PowerShell script with the file as an argument
    3. PowerShell script strips quotes from XML and fixes "File Path"
    4. PowerShell script loads resulting string as XML

    That seems pretty inefficient.  Has anybody done anything more elegant?
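
Added example (not from any poster in this thread and not Symantec code): steps 3 and 4 of the process above done in one PowerShell function, which renames only the `File Path` attribute name, loads the result into an `XmlDocument` with external resolution disabled, and adds ISO 8601 copies of the two timestamps. The function name `ConvertFrom-SepRiskAlert` and the sample alert are constructed; it assumes the quotes being stripped are double quotes wrapped around the whole alert by the batch call, and because the alert carries no time zone, none is emitted.

```powershell
# Added example: ConvertFrom-SepRiskAlert is a hypothetical helper name, not part of SEP.
function ConvertFrom-SepRiskAlert {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$RawAlert)
    process {
        # Assumption: the batch call may have wrapped the whole alert in double quotes.
        $text = $RawAlert.Trim()
        if ($text.Length -ge 2 -and $text.StartsWith('"') -and $text.EndsWith('"')) {
            $text = $text.Substring(1, $text.Length - 2)
        }
        # Rename only the attribute *name* (first match followed by '='), never a value.
        $text = ([regex]'(?<=\s)File Path(?=\s*=)').Replace($text, 'FilePath', 1)

        $doc = New-Object System.Xml.XmlDocument
        $doc.XmlResolver = $null   # never fetch external DTDs or entities
        try { $doc.LoadXml($text) }
        catch {
            Write-Error "Alert is still not well-formed XML: $($_.Exception.Message)"
            return
        }

        # Copy every attribute of <Risk> into an ordered property bag.
        $out = [ordered]@{}
        foreach ($attr in $doc.DocumentElement.Attributes) { $out[$attr.Name] = $attr.Value }

        # Add sortable ISO 8601 copies of the timestamps (local time, zone unknown).
        $fmt = 'MMM d, yyyy h:mm:ss tt'
        $inv = [System.Globalization.CultureInfo]::InvariantCulture
        foreach ($name in 'EventDateTime', 'EventInsertTime') {
            $parsed = [datetime]::MinValue
            if ($out.Contains($name) -and [datetime]::TryParseExact($out[$name], $fmt, $inv,
                    [System.Globalization.DateTimeStyles]::None, [ref]$parsed)) {
                $out["${name}Iso"] = $parsed.ToString('s')
            }
        }
        [pscustomobject]$out
    }
}

# Constructed sample in the format shown in the thread (values are made up).
$sample = "<Risk Name='EICAR Test String' File Path='C:\Temp\sample.com.part' " +
          "EventDateTime='Nov 2, 2014 4:22:06 AM' User='joe.blow' ActualAction='3' />"
$alert = ConvertFrom-SepRiskAlert -RawAlert $sample
$alert | Format-List Name, FilePath, EventDateTimeIso, User, ActualAction
```

A file name containing `'`, `&` or `<` would still make the alert unparseable if SEPM does not escape it; the function reports that as an error and returns nothing rather than guessing at a repair.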