Notification

Icon
Error

Another AV report request

Posted: Friday, February 26, 2016 8:31:42 PM(UTC)
jmje

jmje

Member Posts: 18
0
Like
This issue has been solved! Click here to view the solution
Hi, I've been trying to get a report that will show me if a machine doesn't have the current Symantec Endpoint protection installed. I have it showing me ANY antivirus that is out of date, but that's part of the problem.

I'd like a few reports in the end that give me these specifics :

1) Symantec Endpoint Protection, out of date or disabled.
2) More than 1 Antivirus product installed.
3) No Antivirus installed. (Already have, and it appears to work fine.)

I work in a multi-domain environment, so if I can get the following in the report, that'd be great.

1) Asset name
2) domain
3) IP Address
4) Antivirus enabled/disabled, version of signature file if out of date, etc... as appropriate for the 3 reports above.

Thanks in advance. I'm apparently pretty bad at sql queries, and we're a small IT shop without SQL programmers, so it's been hard going.

J
ict-user
#1ict-user Member  
posted: 2/29/2016 9:59:32 AM(UTC)
1:
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblAntivirus.DisplayName As Antivirus
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblAntivirus On tblAssets.AssetID = tblAntivirus.AssetID
Where tblAntivirus.DisplayName Like '%Symantec%' And tblAssetCustom.State = 1
And tblAntivirus.productUpToDate = 0
Order By tblAssets.AssetName

jmje
#2jmje Member  
posted: 2/29/2016 2:08:57 PM(UTC)
Thanks much.

Is that "out of date" OR "disabled", though?
Looking at the results it's showing me assets with AV enabled that are out of date, but not devices that have AV disabled. Does this need to be 2 separate reports?

Thanks again!

J
ict-user
#3ict-user Member  
posted: 3/1/2016 1:47:04 PM(UTC)
out of date
jmje
#4jmje Member  
posted: 3/1/2016 2:59:24 PM(UTC)
Ok. Thank you. :)
Unhappymeal
#5Unhappymeal Member  
posted: 5/19/2017 5:23:52 PM(UTC)
Is there a way to add what the out of date def file is? i found the reg key and value.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate]
"LatestVirusDefsDate"="2017-05-19"

Active Discussions

Action Delete old user profiles
by  warlock1663   Go to last post Go to first unread
Last post: 9/7/2017 7:14:30 PM(UTC)
Action Remote BlueScreenView
by  Tomas  
Go to last post Go to first unread
Last post: 9/5/2017 12:27:47 PM(UTC)
Action Disable Credential Manager
by  wilkinsonian   Go to last post Go to first unread
Last post: 5/23/2017 8:38:07 PM(UTC)
Action "Unable to contact to host:host.domain.com access denied."
by  kltr  
Go to last post Go to first unread
Last post: 4/7/2017 12:16:38 PM(UTC)
Action Ping Sweep a Subnet
by  IFIT   Go to last post Go to first unread
Last post: 12/13/2016 7:33:35 PM(UTC)
Action Open remote C$ share
by  Jimurray   Go to last post Go to first unread
Last post: 10/19/2016 5:32:21 PM(UTC)
Action Find lost space the easy way (spacesniffer.exe)
by  danielm  
Go to last post Go to first unread
Last post: 9/9/2016 3:42:09 PM(UTC)