I was using SQL Server Reporting services to create my own malware report out of SCCM.
Out of the v_GS_Threats table I am able to pull out CleaningAction, however this is an integer and doesn’t really tell me much.
After searching around for a while, I managed to find the information in a Technet Forum post. See below.
| CleaningAction | Cleaning Text |
|---|---|
| 0 | Unknown |
| 1 | Detected |
| 2 | Cleaned |
| 3 | Quarantined |
| 4 | Removed |
| 5 | Allowed |
| 6 | Blocked |
| 9 | Quarantined |
| 101 | CleanFailed |
| 102 | QuarantineFailed |
| 103 | RemoveFailed |
| 104 | Allow Failed |
| 105 | Abandoned |
| 107 | BlockedFailed |
Source: https://social.technet.microsoft.com/Forums/systemcenter/en-US/5df107ba-1956-4025-9ee7-cf8bb51f1837/scep-database-cleaningaction-column?forum=FCSNext
Advertisements
