Endpoint Protection

  • 1.  Application Report w/Computer Names?

    Posted May 04, 2011 03:11 PM

    Hello,

    I'm looking for a report that, based on a certain application Name and Version, will give me a list of clients that have run that application. More specifically...run that application over a date range.

    Such as: A report that shows me all machines that have executed Firefox Version 2 in the past 30 days. A direct SQL query would be my preference...but I'll take anything.

    Make sense?

    So far all I can do is get the list of applications that are NOT tied to a computer name....not very useful.

    Thanks for your time!

    -Mike



  • 2.  RE: Application Report w/Computer Names?

    Trusted Advisor
    Posted May 05, 2011 06:51 AM

    Hello,

    I believe this could be achieved with the help of the Application Learning feature.

     

    Best Practices Guide to Application Learning in Symantec Endpoint Protection Manager (SEPM)

    How to set up learned applications in the Symantec Endpoint Protection Manager

    About the different types of Symantec Endpoint Protection Manager Reports
     

     

    However, the specific details you have described above could only be achieved by querying the SQL database.



  • 3.  RE: Application Report w/Computer Names?

    Posted May 05, 2011 07:20 AM


  • 4.  RE: Application Report w/Computer Names?

    Posted May 05, 2011 09:29 AM

    @Mithun - yes, we have application learning enabled and I have been collecting data for a couple years.

    I agree...SQL is probably the only way to do this.

    @AravindKM - thanks for the bits of the schema. I have scoured over the full schema PDF and found no obvious links between the SEM_APPLICATION table and any of the tables related to the client (SEM_CLIENT, SEM_COMPUTER, SEM_AGENT, etc...)

    As the screen shot below shows, it is possible to get the information a computer at a time...but I need to gather bigger chunks of data to make this query worthwhile.

    So?? Any whiz bang Symantec SQL engineers out there willing to toss this old dog a bone??

    Thanks!

    -Mike



  • 5.  RE: Application Report w/Computer Names?

    Broadcom Employee
    Posted May 05, 2011 12:30 PM

    I think you could achieve this by setting up multiple criteria, something similar to:

    Search Field         Comparison   Value
    Last Modified time   >            4/4/2011
    Last Modified time   <            5/5/2011
    Application Name     LIKE         Firefox

    I don't have application learning turned on in my test environment currently (or have any learned application data to test with) so I don't really have a test bed to confirm this, but I think it will get you what you are looking for. There is also an application version search field you could use as well.



  • 6.  RE: Application Report w/Computer Names?

    Posted May 05, 2011 01:39 PM

    Ben,

    Thanks for the reply...you're right, I could narrow my query this way but I would still be left only being able to view the "Details" of a single machine at a time. For whatever reason, the export function of the Applications Query does not export the Computer/Client name. So the only way for me to see the "Computer Name" is by choosing a single entry from the query results and then selecting "View Details". Needless to say, if I had 1000 rows returned, finding the machine name for each would be quite tedious.

    Again, thanks for the input!

    -Mike



  • 7.  RE: Application Report w/Computer Names?

    Posted May 05, 2011 01:46 PM

    P.S. I just checked SEP 12 and it does not include "Computer Name" in the "Search Applications" "Query Results" export. Guess it's time to put in a feature request.

    -Mike