Thank you for posting your query.
McAfee ePO 5.10 provides a default built-in query, Endpoint Security Threat Prevention: AMCore Content Compliance Status, to generate a report for AMCore content. You may duplicate this query, save it with a new name, click on edit, and add the AMCore Content Version and AMCore Content Date in the columns section of the query. This will give you the details of the content date and version.
That got me most of what I needed. The only other thing I need is the date and time the content was updated or downloaded to the system. Does the ePO log that somewhere? I am working on a compliance report and they are being very specific on the data they want.
The only thing that is recorded, if the event IDs are enabled, is the update succeeded event ID. However, that could be misleading, as the update may not necessarily be AMCore, but could have been a patch, agent key updater, or some other update. You might be able to create a query with maybe some keyword filters for the event ID 2401 - update succeeded and AMCore compliance days - that might give some idea of when it was installed, but won't be exact.
Thanks for your response.
You can duplicate the default query and modify it with the date and all.
After duplicating the query, please rename it, click on edit, and under the Filter option you will get the option for AMCore Content Date.
Please see the screenshot.
The other thing you can do here is to create a new query:
Query & Reports > New Query > Systems > Next > Select Table > Next > Add AMCore Content Date in columns and click Next > in the Filter option add AMCore Content Date and run the query. The output will be like the screenshots below:
I would go with @cdinet's response here. The filter AMCore Content Date as mentioned in the previous post will not work, as that is the Content Creation date from McAfee.
Hence, I am afraid this will not reflect the actual timestamp of the client's update download. I hope this clarifies your last query.
Here is the detail on AMCore compliance and AMCore Content Date explained in the FAQs document.
I sincerely hope this clarifies!