Reporting on Last Known AV Scan in VSE 8.8 P2

Hi Guys

Does anyone know if it is possible to create an AntiVirus Last Known Scan time + Date report??

I have been looking through the reporting function and can report on the DAT levels but not the last known scan.. Does anyone know if I have overlooked it?

Can't see it any HOOOO....


Cheers.

Bruce

Message was edited by: brucebishtoncds on 03/02/13 13:34:03 CST
1 Solution

Accepted Solutions
waynediesel
Level 9

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Bruce -

Like Hem said, you can create a report off of that Event ID 1203, however you need to make sure that you are actually collecting that Event ID in the first place or that query will never show you any values.

Under Menu -> Server Settings -> Event Filtering -> make sure you have 1203: On Demand scan complete (Info) checked.

If you want to see the start time to give you an idea of how long these scans last on each machine, you can also select 1202.

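An added example, not part of the original post and not McAfee's own tooling: once events 1202 and 1203 are being collected, exported event rows can be reduced to a last-known-scan report per machine. The row layout (hostname, event ID, timestamp), the 7-day staleness threshold and the sample hosts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

ODS_START, ODS_DONE = 1202, 1203   # event IDs named in the thread
FMT = "%Y-%m-%d %H:%M:%S"          # assumed timestamp format of the export

# Constructed sample rows: (hostname, event ID, event time)
SAMPLE_EVENTS = [
    ("WS-001", 1202, "2013-03-04 01:00:00"),
    ("WS-001", 1203, "2013-03-04 02:15:00"),
    ("WS-002", 1202, "2013-02-20 01:00:00"),
    ("WS-002", 1203, "2013-02-20 01:40:00"),
    ("WS-002", 1202, "2013-03-04 01:00:00"),  # started, completion never reported
    ("WS-003", 1202, "2013-03-04 01:00:00"),  # no 1203 received at all
    ("WS-004", 1203, "2013-03-04 03:00:00"),  # 1202 not collected for this host
]

def last_scan_report(events, now, max_age=timedelta(days=7)):
    """Return {host: {"last_completed", "duration", "status"}} from event rows."""
    parsed = sorted((datetime.strptime(t, FMT), h, int(e)) for h, e, t in events)
    report, open_start = {}, {}
    for when, host, event_id in parsed:
        row = report.setdefault(host, {"last_completed": None,
                                       "duration": None,
                                       "status": "no 1203 received"})
        if event_id == ODS_START:
            open_start[host] = when              # remember the most recent start
        elif event_id == ODS_DONE:
            start = open_start.pop(host, None)   # pair with the preceding 1202, if any
            row["last_completed"] = when
            row["duration"] = when - start if start else None
    for row in report.values():
        if row["last_completed"] is not None:
            age = now - row["last_completed"]
            row["status"] = "ok" if age <= max_age else "stale"
    return report

if __name__ == "__main__":
    now = datetime(2013, 3, 5)  # fixed "now" so the sample output is reproducible
    for host, row in sorted(last_scan_report(SAMPLE_EVENTS, now).items()):
        print(host, row["last_completed"], row["duration"], row["status"])
```

A host that shows "no 1203 received" while its local scan log records completed scans points at collection (event filtering or the server side) rather than at the scan itself.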
13 Replies
hem
Level 15

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

You can create a report with Event ID 1203 which is for ODS completed.

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Thanks Wayne and Diver.. Exactly the info I needed.

How do you pick the Event ID when creating the report... I'm looking for Event ID....LOL That would be too obvious though wouldn't it!!

Regards

Bruce

Message was edited by: brucebishtoncds on 15/02/13 14:14:33 CST

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Hi Guys

My AV 8.8 p2 doesn't seem to be generating the 1202 + 1203 logs.. If this is even possible this solution is a waste of time....

What could stop these events from even being created at the client end??

Regards

Bruce

diver
Level 7

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Hi!
Are you sure that you did what waynediesel wrote:

Under Menu -> Server Settings -> Event Filtering -> make sure you have 1203: On Demand scan complete (Info) checked.

The event is always created but not always sent to the ePO server!

Just double-check this.

waynediesel
Level 9

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Diver - I am positive that I did what I wrote. I have had this in place in my environment for several months now. I always receive the client events from a managed On Demand Scan.

ePO_1203_ODS.JPG

streger
Level 7

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Anyone know why event IDs 1203 and 1202 are suddenly not in ePO?

Workstations are still starting and completing ODS tasks.

But ePO has not logged a 1203 since March 6th from either a workstation or a server.

I verified the Events are still checked in the filtering. I don't see the events generated on the workstation (where to look?), though the scan log shows the start and stop and summary.

Drilling down on the object in ePO the agent cannot pull up the workstation log.  Is that a Firewall network issue?

waynediesel
Level 9

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Are the workstations still sending other events and communicating successfully with the ePO server? If yes, then this is not a firewall issue.

You can check the threat event log in ePO on each machine. Search for the machine by hostname or IP address in ePO, click on it, and then click on the Threat Events tab. From here you will see the threat events sent to ePO for that machine by their endpoint products.

streger
Level 7

Re: Reporting on Last Known AV Scan in VSE 8.8 P2

Resolved.

The Management Extensions and Report Extensions were corrupted when importing patch 3 for VSE 8.8.

Once I removed them and reinstalled them, the events all started to appear (huge data gap from March 6th until today though).

Thanks for the help.
