I was using SQL Server Reporting services to create my own malware report out of SCCM.
Out of the v_GS_Threats table I am able to pull out CleaningAction, however this is an integer and doesn’t really tell me much.
After searching around for a while, I managed to find the information in a Technet Forum post. See below.
CleaningAction | Cleaning Text |
---|---|
0 | Unknown |
1 | Detected |
2 | Cleaned |
3 | Quarantined |
4 | Removed |
5 | Allowed |
6 | Blocked |
9 | Quarantined |
101 | CleanFailed |
102 | QuarantineFailed |
103 | RemoveFailed |
104 | Allow Failed |
105 | Abandoned |
107 | BlockedFailed |
Source: https://social.technet.microsoft.com/Forums/systemcenter/en-US/5df107ba-1956-4025-9ee7-cf8bb51f1837/scep-database-cleaningaction-column?forum=FCSNext
Advertisements