As far as I know, the status of the McShield process is not registered/updated in the ePO DB. However, there are events like "The service was started" and "The service was stopped", possibly sent when the McShield service stops or starts during boot or a DAT update. These events have their event codes, which you can query on if you have not incidentally or purposely filtered them out.
Events and codes can be found in the McAfee KB for various products.
I hope I understood your request properly.
I know about this possibility with events, but I think in some table in the ePO DB you can find OnAccessScanner Value=1 if it is running, and Value=0 if it is not running.
That would be the same for the McShield check, I think.
The problem is I haven't found this table until now.
Where exactly would these two fields be in the ePO DB? I did not find them anywhere. In my opinion, keeping track of the McShield or On Access Scanner running status might be a bit lagged, since these statuses would be reported by the McAfee Agent, which has a predefined interval for property communication, and even if we considered this status a major event (where a different communication interval can be set), then, I guess, 1 minute would be the shortest interval that you can set before it is sent to the ePO server.
I think the active / inactive status may be too dynamic for centrally keeping track of it...
What do you think?