
Finding SEC out-of-date status in Reporting Interface

Management wants us to produce a daily report on which endpoint is out-of-date as seen in SEC.  The status should match the "Not since DD/MM/YYYY hh:mm:ss" in Up to date status, under the Anti-virus details tab.

We are running SEC 5.5.0 and Reporting Interface 5.1.

I have looked at Report Manager in SEC.  The closest one is the managed endpoint protection report, but it only shows the percentage or number of endpoints that are not up to date.  It cannot list out the individual endpoints.

Is it possible to determine it through Reporting Interface?  I have successfully installed it and am able to generate reports through PowerShell, but I am not able to figure out how the out-of-date status is determined by SEC.



This thread was automatically locked due to age.
  • Hello Silvester Man,

    Management wants
    for what purpose (other than having yet another bunch of records to file away)? Don't they have some real work to do [:P]?

    Using the SRI:
    [vComputerHostData].ComputerID
    [vComputerPackageMapping].ComputerID ⇔ PackageID
    [vPackageData].PackageID, ExpiryTime, Expired
    Expired=0 and ExpiryTime NOT NULL indicates the current (Up to Date) package. ExpiryTime is UTC, it's adjusted for the timezone and UpToDateLatencyMins is added to yield the threshold. If the current time is later, then SEC displays the computer as Not since <threshold>.

    I hope it's clear and correct and helps.

    Christian

  • Thank you, Christian.  Sophserv had kept telling me they can't/won't do anything about it as it is not a break-fix issue and I should request a feature add in SEC for a month, and you solved it in less than a day.

    Well, management being management, 9 out of 10 will set a rule to auto-delete the report and the remaining one will ask why if the report is empty and why if the report has entries.

  • Hello Silvester Man,

    the remaining one will ask
    [:D]

    To get some benefit from this "exercise" you could compare the Not since with [vComputerHostData].LastMessageReceivedTime. If LastMessageReceivedTime is significantly more recent this indicates a potential updating issue.

    Christian
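
The threshold logic from Christian's first reply and the LastMessageReceivedTime comparison from his last one, combined into one T-SQL query. This is an added example, not part of the original thread and not Sophos code. The view and column names are the ones named above; the thread does not say where UpToDateLatencyMins is stored, so it is set here as a variable with a constructed value, the views are referenced without a schema prefix, and LastMessageReceivedTime is assumed to be UTC like ExpiryTime.

```sql
-- Added example: list endpoints SEC would show as "Not since <threshold>".
-- Assumptions: run in the SEC database (prefix the views with their schema if
-- needed); LastMessageReceivedTime is UTC; the latency value is constructed.
DECLARE @UpToDateLatencyMins int = 240;   -- constructed value, replace with your SEC setting
DECLARE @NowUtc datetime = GETUTCDATE();
DECLARE @UtcOffsetMins int = DATEDIFF(MINUTE, GETUTCDATE(), GETDATE());

SELECT
    h.ComputerID,
    -- Threshold as displayed: ExpiryTime (UTC) shifted to local time plus the latency
    DATEADD(MINUTE, @UtcOffsetMins + @UpToDateLatencyMins, p.ExpiryTime) AS NotSinceLocal,
    DATEADD(MINUTE, @UtcOffsetMins, h.LastMessageReceivedTime)           AS LastMessageLocal,
    -- Large positive value: the endpoint still reports to SEC long after it
    -- stopped being up to date, which points at an updating problem
    DATEDIFF(MINUTE,
             DATEADD(MINUTE, @UpToDateLatencyMins, p.ExpiryTime),
             h.LastMessageReceivedTime)                                  AS MinutesReportingAfterThreshold
FROM vComputerHostData       AS h
JOIN vComputerPackageMapping AS m ON m.ComputerID = h.ComputerID
JOIN vPackageData            AS p ON p.PackageID  = m.PackageID
WHERE p.Expired = 0
  AND p.ExpiryTime IS NOT NULL
  -- Compare in UTC: current time later than ExpiryTime + latency
  AND @NowUtc > DATEADD(MINUTE, @UpToDateLatencyMins, p.ExpiryTime)
ORDER BY NotSinceLocal;
-- Packages outside the Expired/ExpiryTime filter are not covered by the
-- description in the thread and are left out of this result.
```

A NULL or negative MinutesReportingAfterThreshold means the endpoint has not been heard from since the threshold, so the stale status may simply reflect a machine that is offline.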