System Center Endpoint Protection for Mac


Being an SCCM administrator in a Mac environment can be frustrating from time to time. The situation is not helped by the lack of a console for integrating endpoint data from Mac clients into your Configuration Manager console.

No need to fear: there is a way to track this information centrally. Luckily for us, Endpoint Protection does keep its logs, although they are buried deep inside the app package. The path is:

/Applications/System Center 2012 Endpoint Protection/Contents/var/log/

The two files we are interested in are stats.onaccess and stats.ondemand.

The method I’m using to gather this information centrally is a configuration baseline containing a configuration item that runs a discovery script. The script I use is a one-liner:

grep infected /Applications/System\ Center\ 2012\ Endpoint\ Protection.app/Contents/var/log/stats.onaccess

You can change this to read the stats.ondemand log file as well, in a separate configuration item.

Your compliance rule would use: Contains "infected: 0"
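The following discovery script is an added example, not the author's own script. It goes beyond the one-liner by covering both logs in a single configuration item: the counts are summed, because a plain grep over both files would satisfy a "Contains" rule whenever either file reported 0. The function name scep_infected_total is hypothetical, and the "infected: <number>" line format is an assumption inferred from the compliance rule above.

```shell
#!/bin/sh
# Added example: ConfigMgr discovery script covering both SCEP logs.
# Default directory is taken from the grep command on this page.
LOG_DIR="${LOG_DIR:-/Applications/System Center 2012 Endpoint Protection.app/Contents/var/log}"

# scep_infected_total DIR   (hypothetical helper name)
# Prints "infected: <total>" summed over stats.onaccess and stats.ondemand,
# or "infected: unknown (<reason>)" when a log is missing or has no count,
# so a broken client can never evaluate as compliant.
scep_infected_total() {
    dir=$1
    total=0
    for name in stats.onaccess stats.ondemand; do
        file="$dir/$name"
        if [ ! -r "$file" ]; then
            echo "infected: unknown ($name not readable)"
            return 0
        fi
        # Assumed line format: "infected: <number>". Use the last match and
        # strip leading zeros so shell arithmetic does not read it as octal.
        count=$(grep 'infected' "$file" |
            sed -n 's/.*infected:[[:space:]]*0*\([0-9][0-9]*\).*/\1/p' |
            tail -n 1)
        if [ -z "$count" ]; then
            echo "infected: unknown (no count in $name)"
            return 0
        fi
        total=$((total + count))
    done
    echo "infected: $total"
}

# When run as the discovery script, report on the real log directory.
scep_infected_total "$LOG_DIR"
```

The page's compliance rule works unchanged with this output, since only a total of zero produces a string containing "infected: 0".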
