I am hoping that maybe someone has already ran into this issue. I am trying to find the right way to convert the time based on a lastconnected date for Defender ATP Sense service.
I can pull the value from the registry as an integer with this relevance
(value “LastConnected” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status” of native registry) as integer
and it will come through with this format 133619845625595618.
I thought this would calculate correctly because it looks like very similar formatting from microsoft as the InstallDate decimal format but I get Singular expression refers to nonexistent object whenever * day is in that evaluation.
((“Thu, 1 Jan 1970 00:00:00 -0500” as time) + ((((value “LastConnected” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status” of native registry) as integer) / 60 / 60 / 24) * day))
I can do this in Powershell but I was hoping to have a property available for reporting purposes. This is what works in Powershell to pull the date format correctly, any suggestions?
$LastConnected = (Get-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status” -ErrorAction SilentlyContinue | Select-Object -ExpandProperty LastConnected )
$LastSenseTimeStamp = [DateTime]::FromFiletime([Int64]::Parse($LastConnected))