Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 3530 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Monitoring Endpoint Status

Boris Scampini

I need to monitoring the client status, so i need to check if the client it's ok or was find a virus/PUA. I need to extract this information to create a script that send it to our monitor



This thread was automatically locked due to age.
  • 0

    Hello Boris Scampini,

    are these managed endpoints, if so - SEC or Central? Should this be real-time or periodically?

    Christian

  • 0 in reply to QC

    Hello Christian,

     

    i have some server managed with SEC and some with standalone client. I need to check it every 5 min. 

     

    Boris

  • +1 in reply to Boris Scampini

    Hello Boris,

    so you want to monitor these SA clients? Guess all you can do is to periodically check the values under HKLM\SOFTWARE\[Wow6432Node\]Sophos\SavService\Status\. Please note that it reflects the status, that is e.g. the Infected count will be re-set to zero if a detected item has been cleaned.

    An, excuse me, rather strange requirement though - unmanaged but monitored? What about email alerts  sent from the endpoint? But of course they are event-driven.

    Christian

  • 0 in reply to QC

    Thanks Christian,

     

    unmanaged server can't comunicate with our SEC, but we need to control the AV status. The only way is by our monitoring system, i don't use email alerts, because we receive a lot of this from other system/application.
     
    Boris
Unfiltered HTML