cpuprofessional

Endpoint Infected computers Collection


I am working on helpdesk remediation strategies for virus notifications. I have set up alerts and find that most viruses get cleaned, so the machine does not show up in the at-risk collection. I want to set up a collection where a machine is infected so my helpdesk can deploy a cleaning package if the machine cannot be replaced right away.

I have set up a device collection with the following criteria; however, I wanted to make sure this is correct.

Using the GUI, it is set to Criteria

Antimalware Infection Status.ComputerStatus is equal to 2

SQL view looks like this:

    select SMS_R_SYSTEM.ResourceID,
           SMS_R_SYSTEM.ResourceType,
           SMS_R_SYSTEM.Name,
           SMS_R_SYSTEM.SMSUniqueIdentifier,
           SMS_R_SYSTEM.ResourceDomainORWorkgroup,
           SMS_R_SYSTEM.Client
    from SMS_R_System
    inner join SMS_G_System_AntimalwareInfectionStatus
        on SMS_G_System_AntimalwareInfectionStatus.ResourceId = SMS_R_System.ResourceId
    where SMS_G_System_AntimalwareInfectionStatus.ComputerStatus = 2

Just want to confirm if this looks correct. Running the query shows 1 machine I know to be cleaned but recently infected; however, it does not list a second machine listed in the infected computers report. However, the report is looking at a week's worth of data.
