We have MSCEP 2012 installed on some servers and also on Windows 7 Machines…
I have the WMI calls for Defender as
selects "* FROM MSFT_MpComputerStatus" of wmis "ROOT\Microsoft\Windows\Defender" as string
to see all classes etc., but of course, that doesn't work for MSCEP.
Can anyone point me at the correct location for MSCEP please… there are somewhat confusing articles on the web.
Does this work outside of BigFix? I ask because I've had WMI problems before using BigFix, as some classes (especially these kinds of non-default namespaces) are only available via 64-bit WMI. So far BigFix doesn't seem to have any kind of 'x64 wmi' or 'native wmi' properties as it does for filesystem or registry inspectors.
Actually, after much Google-fu, I found the bits for MSCEP WMI stuff…
selects "* from AntimalwareDetectionStatus" of wmis "ROOT\Microsoft\SecurityClient" as string
and
selects "LastQuickScanAge FROM AntiMalwareHealthStatus" of wmis "ROOT\Microsoft\SecurityClient" as string…
There doesn't appear to be an equivalent to the threat name:
selects "ThreatName FROM MSFT_MpThreat" of wmis "ROOT\Microsoft\Windows\Defender" as string
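One way to check the same queries outside of BigFix, as an added example that is not part of any post in this thread: it runs the WQL statements quoted above with Get-WmiObject and reports, per namespace, whether the query succeeded and from which host bitness. The variable names and output columns are illustrative assumptions; only the namespaces, classes and properties come from the thread.

```powershell
# Added example. Namespaces, classes and properties are the ones quoted in the thread.
# Get-WmiObject is used so the script also runs on the PowerShell 2.0 shipped with Windows 7.
$queries = @(
    @{ Namespace = 'ROOT\Microsoft\SecurityClient';   Wql = 'SELECT * FROM AntimalwareDetectionStatus' },
    @{ Namespace = 'ROOT\Microsoft\SecurityClient';   Wql = 'SELECT LastQuickScanAge FROM AntimalwareHealthStatus' },
    @{ Namespace = 'ROOT\Microsoft\Windows\Defender'; Wql = 'SELECT * FROM MSFT_MpComputerStatus' },
    @{ Namespace = 'ROOT\Microsoft\Windows\Defender'; Wql = 'SELECT ThreatName FROM MSFT_MpThreat' }
)

# Bitness of the PowerShell process issuing the queries (pointer size 8 = 64-bit).
$hostBits = if ([IntPtr]::Size -eq 8) { '64-bit' } else { '32-bit' }

$results = foreach ($q in $queries) {
    $status = 'OK'
    $rows   = @()
    try {
        # -ErrorAction Stop turns "invalid namespace" / "invalid class" into a catchable error.
        $rows = @(Get-WmiObject -Namespace $q.Namespace -Query $q.Wql -ErrorAction Stop)
    } catch {
        # Typical cause: the product that registers this namespace is not installed.
        $status = $_.Exception.Message
    }

    New-Object PSObject -Property @{
        HostBits  = $hostBits
        Namespace = $q.Namespace
        Query     = $q.Wql
        Instances = $rows.Count   # 0 with Status OK means the class exists but has no instances
        Status    = $status
    }
}

$results |
    Select-Object HostBits, Namespace, Query, Instances, Status |
    Format-Table -AutoSize -Wrap
```

Running it once from the default 64-bit PowerShell and once from `%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` shows whether a given namespace answers differently depending on host bitness.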