I had a report of four possible machines which may have been infected with a relatively harmless threat. We have a container which we throw this sort of machine into, one which triggers and immediate scan along with scans on startup owing to the inability of scans to resume automatically.
The problem I have with this is that it's almost impossible to track the progress of a machine, while scan cancellations are reported to ePO it doesn't seem that the start, end or result of a scan is. I need to be able to track these scans, but at the moment I have to ping the machine, access the agent and grab a text file which may or may not tell me the scan is completed. I also have a query filtered to these machines tracking all VSE events so I can see if any threats were detected, but it's hard to read anything into an absence of events.
Surely there must be a better way of tracking scans and their outcomes, yet I can't seem to find one.