6 Replies Latest reply on Apr 6, 2012 12:55 PM by eddiec

    Can I query information about whether or not an endpoint has been rebooted?

      Hello all,

       

      I am new to this site and to the ePO Web API but I'd like to start out by saying this has got to be one of the most robust and flexible web APIs I've ever worked with. I'm quite impressed. Being new, I have several questions that documentation does not cover. I'll post a series of questions but my very first regards the ability to query whether or not a machine is in a state where it needs a reboot.

       

      I have worked with a couple of other Anti-Virus platforms where a machine will get into a state where it needs to be rebooted, usually because of a client update, but sometimes because an infected file is in use by the system and will be deleted on reboot. In fact, browsing around the ePO database, I discovered records in the EPOEventFilterDesc table where the description is exactly that. For example, event id 1312 has in the description column: "The file %FILENAME% is infected with %VIRUSNAME% %VIRUSTYPE%. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%."

       

      What I am looking to do is provide administrators with a report that says "These machines need to be rebooted as soon as possible" and let the admins work out a schedule that will allow for down time.

       

      Does anyone know if anything like this is available anywhere? I've read all the documentation and poked around the database, but just couldn't find exactly what I was looking for.

       

      Thanks,

      -Eddie