Endpoint Protection

Is there another way besides checking for the C:\SERT\ location scan session data to verify that a user has run a SERT disc scan? Can this be pulled from the scan log from within SEP or no?

I need to verify users have run the scan and want to find out if there are other ways to determine the scan status?

Are there specific events in the event manager that are logged when the user logs back in?

NO, this information is not stored in SEP or SEPM.

You won't find it in the SEPM.

Are there any logs or something that can be searched on the local machine to indicate this was run ? Is there an entry made in the registry or any type of log besides the scan log and looking for the SERT folder on the root with the latest modified date as an indication this was executed? Still doesn't really confirm that it ran completely though.

How are user's running this scan? This is meant to be a Live CD so I'm not sure you're going to find anything within logs or even much to indicate that it ran...I didn't even know anything was created on C: after it ran...news to me...

You can select whether to save scan session on one of the last dialogs before selecting the scan option. Also you can leave the default undo options selected and there will be a SERT folder left on the root of the computer with the data if that is the location you leave to be selected as the default.

That's probably the only way then. I know it doesn't integrate into anything and is just standalone. Other than what you mentioned that's probably going to be about it in terms of logging.