Since the scan logs are local on the users computers, a quick PowerShell script will parse out the relevant information for the user to see the local scan information. Note, this requires at least PowerShell 5, and I have a hard-coded path to a specific version of SEP which you will need to edit.
Function Convert-FromHexDate ($HexDate)
{
<#
.SYNOPSIS
Converts Hex Date (in Epoch time) in SEP Log to a human readable date.
.DESCRIPTION
#>
$Year = [int]("0x" + $HexDate.substring(0,2)) + 1970
$Month = [int]("0x" + $HexDate.substring(2,2)) + 1
$Day = [int]("0x" + $HexDate.substring(4,2))
$Hour = [int]("0x" + $HexDate.substring(6,2))
$Minute = [int]("0x" + $HexDate.substring(8,2))
$Second = [int]("0x" + $HexDate.substring(10,2))
return Get-Date -Year $Year -Month $Month -Day $Day -Hour $Hour -Minute $Minute -Second $Second
}
$pathToLogs = 'C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Data\Logs\AV\*.Log'
$headerForCsv = "Time", "Event", "3", "4", "Computer", "User", "7", "8", "9", "10", "11", "12", "13", "Description"
$lines = (Select-String -Path $pathToLogs -Pattern "Scan").Line | ConvertFrom-Csv -Header $headerForCsv
$lines = $lines | Select Time, Event, Computer, User, Description
$output = [System.Collections.ArrayList]::new()
foreach($line in $lines)
{
$line.Time = Convert-FromHexDate $line.Time
if($line.Event -eq "2"){$line.Event = "GL_EVENT_SCAN_STOP"}
elseif($line.Event -eq "3"){$line.Event = "GL_EVENT_SCAN_START"}
$output.Add($line) | Out-Null
}
$output
Original Message:
Sent: 08-07-2020 01:40 PM
From: Steve Rubin
Subject: Users have a requirement to see when the last full scan was run
Hi team;
we have a new requirement were certain users have to be able to see when the last full scan was run.
At this time we do have a password on when opening the sep client.
question as follows.
- Can we have separate passwords and policies based on the user who open the sep client.
- Can Sepm be set to send out to the individual user who was last logged in a scan report when the last full scan is run
Regards
------------------------------
S.R
------------------------------