cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jmje
Engaged Sweeper III
Hi, I've been trying to get a report that will show me if a machine doesn't have the current Symantec Endpoint protection installed. I have it showing me ANY antivirus that is out of date, but that's part of the problem.

I'd like a few reports in the end that give me these specifics :

1) Symantec Endpoint Protection, out of date or disabled.
2) More than 1 Antivirus product installed.
3) No Antivirus installed. (Already have, and it appears to work fine.)

I work in a multi-domain environment, so if I can get the following in the report, that'd be great.

1) Asset name
2) domain
3) IP Address
4) Antivirus enabled/disabled, version of signature file if out of date, etc... as appropriate for the 3 reports above.

Thanks in advance. I'm apparently pretty bad at sql queries, and we're a small IT shop without SQL programmers, so it's been hard going.

J
1 ACCEPTED SOLUTION
ict-user
Engaged Sweeper III
1:
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblAntivirus.DisplayName As Antivirus
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblAntivirus On tblAssets.AssetID = tblAntivirus.AssetID
Where tblAntivirus.DisplayName Like '%Symantec%' And tblAssetCustom.State = 1
And tblAntivirus.productUpToDate = 0
Order By tblAssets.AssetName

View solution in original post

5 REPLIES 5
Unhappymeal
Engaged Sweeper
Is there a way to add what the out of date def file is? i found the reg key and value.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate]
"LatestVirusDefsDate"="2017-05-19"
jmje
Engaged Sweeper III
Ok. Thank you. 🙂
ict-user
Engaged Sweeper III
out of date
jmje
Engaged Sweeper III
Thanks much.

Is that "out of date" OR "disabled", though?
Looking at the results it's showing me assets with AV enabled that are out of date, but not devices that have AV disabled. Does this need to be 2 separate reports?

Thanks again!

J
ict-user
Engaged Sweeper III
1:
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblAntivirus.DisplayName As Antivirus
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblAntivirus On tblAssets.AssetID = tblAntivirus.AssetID
Where tblAntivirus.DisplayName Like '%Symantec%' And tblAssetCustom.State = 1
And tblAntivirus.productUpToDate = 0
Order By tblAssets.AssetName