Reporting SCEP update and scan

I am using Microsoft System Center Endpoint Protection on all of the workstations I manage. For all three major platforms, it is a pain to get it to report on when it was last updated and last scanned. By parsing the system logs, I was able to retrieve dates for Mac and Linux, but Windows has been very elusive.

I can see the dates and times in the GUI, but that is impractical to run an automated report on dozens of computers. Does anyone know of a way (preferably using PowerShell, but I can make anything work) to output this data using some sort of script?


Solution 1:

Okay so I wrote the following powershell script to extract the date of most recent update from the log. There's a typo in the logging function of SCEP "succesfully" so when you notice that I also have a typo in my below code it's to match the one in the logs I am searching.

$a=Select-String -Pattern "Update completed succesfully" -Path C:\Windows\Temp\MpCmdRun.log | Foreach {($_ -split ':')[2]}

$lineNumber = $($a | measure -Maximum).Maximum + 1

$lastUpdate = Get-Content -Path C:\Windows\Temp\MpCmdRun.log | Select-Object -Index $lineNumber | Foreach {($_ -split ':\s')[2]}

$lastUpdate = $lastUpdate.Replace("$([char]8206)","")

Write-Host "scep_last_update=$lastUpdate"