Endpoint Protection

 View Only

  • 1.  Report of all laptops that have not connected in 90 days?

    Posted Apr 13, 2016 04:01 PM

    I am attempting to get a report from my SEPM that will list all laptops that have not connected to the SEPM in "X" number of days.

    I did not see anything within the console that would get me the data I need, so I was hoping that somewhere in the SEPM database the Chassis Type was stored. I've checked SEM_COMPUTER, SEM_OS_INFO and a handful of other tables... sadly no joy. Does anyone know if chassis type is somewhere hidden in the SEPM DB?

    Thanks for any suggestions.

    -Mike



  • 2.  RE: Report of all laptops that have not connected in 90 days?

    Posted Apr 13, 2016 04:04 PM

    On the Monitors >> Logs page and Computer Status if you select the Advanced Settings link and set your Online Status to "Offline" does that not work?



  • 3.  RE: Report of all laptops that have not connected in 90 days?

    Posted Apr 13, 2016 04:42 PM

    Yes...that will get me ALL machines that are currently offilne. But I specifically need just the laptops (no desktops, servers, etc...)



  • 4.  RE: Report of all laptops that have not connected in 90 days?

    Trusted Advisor
    Posted Apr 13, 2016 04:45 PM

    As far as I am aware, you cannot sort the reports by hardware type - you'll have to do it directly to the database, I'm afraid.



  • 5.  RE: Report of all laptops that have not connected in 90 days?

    Posted Apr 13, 2016 05:00 PM

    Do you have them grouped accordingly?



  • 6.  RE: Report of all laptops that have not connected in 90 days?

    Posted Apr 13, 2016 05:02 PM

    Thanks Tony...that is really my big question at this point, is chassis type (or the like) somewhere in the SEPM database.



  • 7.  RE: Report of all laptops that have not connected in 90 days?

    Trusted Advisor
    Posted Apr 13, 2016 05:03 PM

    I haven't dug the database for a while so I'm not sure where it is stored.

    The other way is to group them in the Client list, but I'm assuming you don't want to do this?



  • 8.  RE: Report of all laptops that have not connected in 90 days?

    Trusted Advisor
    Posted Apr 13, 2016 05:06 PM

    This might get you started:

    Symantec Endpoint Protection Manager 12.1.2 Database Schema: https://support.symantec.com/en_US/article.DOC6039.html

    Symantec™ Endpoint Protection Manager Database Schema Reference: https://support.symantec.com/en_US/article.DOC4935.html

    Compilation of SQL queries to the SEPM database: https://www-secure.symantec.com/connect/articles/compilation-sql-queries-sepm-database

     



  • 9.  RE: Report of all laptops that have not connected in 90 days?

    Posted Apr 13, 2016 05:33 PM

    Tony...again I thank you for the information and persistence. I'm pretty familar with the SEPM DB schema, here is a link to the 12.1.6 Schema BTW:

    https://support.symantec.com/en_US/article.DOC8633.html

    I was hoping that the chassis type was somewhere in the DB, just not named in an obvious way. Sadly my SQL queries thus far have yeilded nothing. It appears that the information I'm after does not currently exist in the SEPM database. So my solution will probably be a Custom Host Integrity rule that queries the registry of the client machine, and then logs the data I'm after in the SEPM DB. So in 90 days from now, I should be able to gather the information I need.

    Thanks for the replies!

    -Mike



  • 10.  RE: Report of all laptops that have not connected in 90 days?

    Trusted Advisor
    Posted Apr 14, 2016 01:44 AM

    Thanks for sharing the v12.1.6 schema, didn't realise it was updated last month! :D

    Hope you'll be able to get what you need using different method and would be good if you could share your findings if you do manage to get this to work.