Table sem5.dbo.SEM_AGENT
Keeps agents information

Generated by
SchemaSpy
Legend:
Primary key columns
Columns with indexes
Implied relationships
Excluded column relationships
< n > number of related tables
 
Column Type Size Nulls Auto Default Children Parents Comments
AGENT_ID char 32
AGENT_TYPE varchar 64  √  null Type of the agent installed:
105 = Symantec Endpoint Protection
151 = Symantec Network Access Control
R_OS_TYPE int 4  √  null Enum that indicates the operating system on the client computer.
COMPUTER_ID char 32  √  null GUID of the register computer
DOMAIN_ID char 32  √  null GUID of the domain
GROUP_ID char 32  √  null Current group GUID of the agent
AGENT_VERSION nvarchar 128  √  null Version of agent software
PROFILE_VERSION varchar 64  √  null Current profile version of agent
PROFILE_SERIAL_NO varchar 64  √  null Current profile serial number of agent
PROFILE_CHECKSUM char 32  √  null Current profile checksum of agent
IDS_VERSION varchar 64  √  null Current IDS version of agent
IDS_SERIAL_NO varchar 64  √  null Current IDS serial number of agent
IDS_CHECKSUM char 32  √  null Current IDS checksum of agent
HI_STATUS int 4  √  null Host integrity status:
0 = Fail
1 = Success
2 = Pending
3 = Disabled
4 = Ignore
HI_REASONCODE int 4  √  null Host integrity reason code:
0 = Pass
101 = Antivirus version is out-of-date
102 = Antivirus is not running
103 = Script failed
104 = Check is incomplete
105 = Check is disabled
127 = Location changed
HI_REASONDESC nvarchar 4000  √  null Host integrity description
CREATION_TIME bigint 8  √  null Create time of the agent
STATUS tinyint 1  √  null Online status of the agent (0 = offline, 1 = online)
LAST_UPDATE_TIME bigint 8  √  null Last online time of the agent
LAST_SERVER_ID char 32  √  null Last connected server GUID
LAST_SITE_ID char 32  √  null Last connected site GUID
ATTRIBUTE_EXTENSION nvarchar 4000  √  null Not used
FULL_NAME nvarchar 512  √  null Employee full name
EMAIL nvarchar 258  √  null Employee email
JOB_TITLE nvarchar 256  √  null Employee job title
DEPARTMENT nvarchar 256  √  null Employee department
EMPLOYEE_NUMBER varchar 32  √  null Employee number
EMPLOYMENT_STATUS varchar 16  √  null Employee status
OFFICE_PHONE varchar 32  √  null Employee office number
MOBILE_PHONE varchar 32  √  null Employee mobile number
HOME_PHONE varchar 32  √  null Employee home phone number
USN bigint 8 Update serial number; used by replication
TIME_STAMP bigint 8 Time that the record was modified; used to resolve merge conflict
DELETED tinyint 1 The deleted flag of the schema object:
1 = Deleted
0 = Not Deleted
RESERVED_INT1 int 4  √  null
RESERVED_INT2 int 4  √  null
RESERVED_BIGINT1 bigint 8  √  null
RESERVED_BIGINT2 bigint 8  √  null
RESERVED_CHAR1 char 32  √  null
RESERVED_CHAR2 char 32  √  null
RESERVED_VARCHAR1 nvarchar 520  √  null
PATTERN_IDX char 32 ('') Pointer to table 'pattern'
AP_ONOFF tinyint 1 ((127)) AutoProtect status:
1 = on
2 = Not installed
0 = off
127 = Not reporting
INFECTED tinyint 1 ((0)) Whether the client computer is infected:
0 = Not infected
1 = Infected
WORSTINFECTION_IDX int 4 ((9999)) Worst detection:
0 = (Severity 0) Viral
1 = (Severity 1) Non-Viral malicious
2 = (Severity 2) Malicious
3 = (Severity 3) Antivirus - Heuristic
5 = (Severity 5) Hack tool
6 = (Severity 6) Spyware
7 = (Severity 7) Trackware
8 = (Severity 8) Dialer
9 = (Severity 9) Remote access
10 = (Severity 10) Adware
11 = (Severity 11) Jokeware
12 = (Severity 12) Client compliancy
13 = (Severity 13) Generic load point
14 = (Severity 14) Proactive Threat Scan - Heuristic
15 = (Severity 15) Cookie
9999 = No detections
LAST_SCAN_TIME bigint 8 ((0)) Last scan time for this agent (GMT)
LAST_VIRUS_TIME bigint 8 ((0)) Last time virus was detected on the client computer (GMT)
CONTENT_UPDATE tinyint 1 ((1)) Accepts content update: 1 = Yes, 0 = no
AVENGINE_ONOFF tinyint 1 ((127)) RTVScan status:
1 = on
2 = Not installed
0 = off
127 = Not reporting
TAMPER_ONOFF tinyint 1 ((127)) Tamper Protection status:
1 = on
2 = Not installed
0 = off
127 = Not reporting status
MAJOR_VERSION int 4 ((0)) SEP version: 11
MINOR_VERSION int 4 ((0)) Minor version
REBOOT_REQUIRED tinyint 1 ((0)) Reboot Required: 0 = No, 1 = Yes
REBOOT_REASON varchar 128 ('') Format is = ; = ...
Components:
AVMAN = Antivirus
LUMAN = LiveUpdate
FW = Network Threat Protection
GUP = Group Update Provider
Reasons:
1 = risk remediation to complete
2 = product patch to apply
3 = content download to apply
LICENSE_STATUS int 4 ((-1)) For future use
LICENSE_EXPIRY bigint 8 ((0)) For future use
TIMEZONE int 4 ((0)) Time zone offset of the client computer
FIREWALL_ONOFF tinyint 1 ((127)) Firewall status: 1 = On, 2 = Not installed, 0 = Off, 127 = Not reporting
FREE_MEM bigint 8  √  null Free memory available
FREE_DISK bigint 8  √  null Free disk space available
LAST_DOWNLOAD_TIME bigint 8 ((0)) Last download time
CURRENT_CLIENT_ID char 32  √  null Client that logs on this agent.
LICENSE_ID char 32  √  null SEP license ID
IS_GRACE tinyint 1 ((0)) Is the license in grace period?
SNAC_LICENSE_ID char 32  √  null SNAC license ID
PTP_ONOFF tinyint 1 ((127)) Enabled state of Proactive threat protection is
0 = off
1 = on
2 = not installed
3 = off by admin policy
127 = unknown.
Default is 127
LAST_HEURISTIC_THREAT_TIME bigint 8 ((0)) Last time that SONAR detected a risk
BASH_STATUS tinyint 1 ((0)) SONAR status:
0 = off
1= on
2 = not installed
3 = off by policy
4 = malfunction
It was meant to be for more granular op-state, but currently, it is the same as PTP_ONOFF.< /internalUse>
DA_ONOFF tinyint 1 ((127)) Download advisor operational state
Enabled state of DA
0 = off
1 = on
2 = not installed
3 = off by admin policy
127 = unknown.
Default is 127
CIDS_DRV_ONOFF tinyint 1 ((127)) Network intrusion prevention status:
0 = off
1 = on
2 = not installed
3 = off by admin policy
127 = unknown.
Default is 127
CIDS_SILENT_MODE tinyint 1 ((0)) Is the IDS driver installed as an internal component for another protection technology, 0 = no, 1 = yes
CIDS_DRV_MULF_CODE tinyint 1 ((0)) IDS error code if its op-state = 4
: Possible values
enum NetworkProtectionErrors
{
eIPSOk = 0,
eIPSGeneralError,
eDriverNotLoaded,
eAutoblockFailure,
eIDSEngineManagerFailure,
eSignatureManagerFailure,
eNetworkExclisionManagerFailure,
eNetworkInfoManagerFailure,
eUDPTrafficManagerFailure,
eSymEfaManagerFailure,
eProcessTrackerFailure,
eSettingsManagerFailure,
eWFPHookManagerFailure,
eLastNetworkProtectionError = 0xffffffff
};
CIDS_BROWSER_IE_ONOFF tinyint 1 ((127)) Internet Explorer browser protection status (0-4 enumeration)
CIDS_BROWSER_FF_ONOFF tinyint 1 ((127)) FireFox browser protection status (0-4 enumeration)
CIDS_ENGINE_VERSION varchar 20  √  null IDS engine version
CIDS_DEFSET_VERSION varchar 20  √  null IDS definition version, this is not used in queries. The definition will be in SEM_CONTENT/PATTERN tables.
DEPLOY_STATUS int 4 ((0)) This is an integer sent by the client to represent the current deployment status. It can be generated by the client itself or by the installer.
302448896=Symantec Endpoint Protection Manager indicated an upgrade package for the client
302448897=The client decided to accept the upgrade package
302448898=The client decided to reject the upgrade package
302449152=The client has requested package information for the upgrade
302449153=The client has received package information for the upgrade
302449408=The client hasn't allowed the download of the upgrade package to start
302449409=The client has successfully downloaded and verified the upgrade package
302449664=The client failed to apply the upgrade package
302449665=The client failed to patch the delta
302449666=The client failed to launch the upgrade installer
302449667=The client successfully launched the final upgrade installer
302449920=The client is requesting the full version of the upgrade package due to the delta's failure
302456832=Install successful.
302460928=Install repair successful.
302465024=Uninstall successful.
302469120=Install failed, rolled back.
302469121=Install failed, insufficient disk space.
302469122=Install failed, launch condition.
302469123=Install failed, consumer product found.
302469124=Restart pending
302456833=Files copied.
302469125=Install failed, legacy enterprise edition found.
302469126=Install failed, non-elevated privileges.
302469127=Install failed, incompatible operating system.
DEPLOY_MSG nvarchar 8000  √  null This is a free form detailed message sent by the client to elaborate on the deployment status.
DEPLOY_PRE_VER varchar 64  √  null The agent version prior to a deployment action.
DEPLOY_TARGET_VER varchar 64  √  null The agent version the deployment action is trying to move to.
DEPLOY_RUNNING_VER varchar 64  √  null The current agent version
DEPLOY_TIMESTAMP bigint 8 ((0)) The time of the deployment action.
OS_BIT_TYPE varchar 8  √  null
ELAM_ONOFF tinyint 1 ((127))
OSELAM_STATUS tinyint 1 ((127))
VSIC_STATUS tinyint 1 ((127))
IS_NPVDI_CLIENT tinyint 1 ((0))
SVA_ID char 32  √  null
LAST_CONNECTED_IP_ADDR bigint 8  √  null

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
Column(s) Type Sort Constraint Name
AGENT_ID Primary key Asc PK_SEM_AGENT
STATUS + DELETED + AGENT_ID Performance Asc/Asc/Asc I_SEM_AGENT_AGENT_ID
AGENT_VERSION Performance Asc I_SEM_AGENT_AGENT_VERSION
COMPUTER_ID Performance Asc I_SEM_AGENT_COMPUTER_ID_PLUS
GROUP_ID Performance Asc I_SEM_AGENT_GRP
AGENT_ID Performance Asc I_SEM_AGENT_ID_PLUS
LAST_UPDATE_TIME + AGENT_ID + DELETED Performance Asc/Asc/Asc I_SEM_AGENT_LAST_UPDATE_TIME_PLUS
PATTERN_IDX + DOMAIN_ID + LAST_SITE_ID Performance Asc/Asc/Asc I_SEM_AGENT_PATTERN_IDX_PLUS
R_OS_TYPE + DELETED + STATUS + AGENT_ID Performance Asc/Asc/Asc/Asc I_SEM_AGENT_R_OS_TYPE_OUT_OF_DATE
DELETED + LAST_SITE_ID Performance Asc/Asc I_SEM_AGENT_RT
STATUS Performance Asc I_SEM_AGENT_STATUS
USN Performance Asc I_SEM_AGENT_USN