Computers that are pending SCEP Reboot


  • Hi,

    I am trying to identify computers that are reporting a SCEP pending reboot. I mean to say those reporting as 'pending reboot'  to clean infection in SCEP database. I have few more custom criteria that I need to add apart from pending reboot. 

    My real aim here is to find which database view tells me exactly the pending reboot action. I have tried v_gs_antimalwareinfectionstatus and not sure if I can rely on this. The below is my query and I need to add the pending reboot option to the where condition

    SELECT        dbo.v_R_System.Netbios_Name0, dbo.EP_Malware.ThreatName, dbo.EP_Malware.Process, dbo.EP_Malware.Path, dbo.EP_Malware.RemainingActions, dbo.v_GS_OPERATING_SYSTEM.Caption0
    FROM            dbo.v_R_System INNER JOIN
                             dbo.EP_Malware ON dbo.v_R_System.ResourceID = dbo.EP_Malware.MachineID INNER JOIN
                             dbo.v_GS_OPERATING_SYSTEM ON dbo.EP_Malware.MachineID = dbo.v_GS_OPERATING_SYSTEM.ResourceID
                             dbo.v_GS_AntimalwareInfectionStatus ON dbo.v_GS_OPERATING_SYSTEM.ResourceID = dbo.v_GS_AntimalwareInfectionStatus.ResourceID
    left Join v_CH_ClientSummary CS on dbo.v_R_System.ResourceID=CS.ResourceID

    WHERE   (dbo.EP_Malware.ThreatName NOT LIKE 'PUA:Win32%') AND  (dbo.EP_Malware.ThreatName not like 'BrowserModifier:Win32%') AND (dbo.EP_Malware.ThreatName not like 'Adware:Win32%') and (dbo.EP_Malware.ExecutionStatus not like '1')  AND (dbo.v_R_System.Operating_System_Name_and0 like 'Microsoft%Workstation%')                                                     
           AND (CS.ClientActiveStatus = 1)

    Thursday, March 22, 2018 6:52 AM