I have created some custom endpoint protection reports that basically provide a list of servers and the status of endpoint protection on that machine from our SCCM 2012 R2 database. Fields I am using are:
v_GS_COMPUTER_SYSTEM.ResourceID
,v_GS_COMPUTER_SYSTEM.Model0
,v_GS_COMPUTER_SYSTEM.Name0
,v_GS_COMPUTER_SYSTEM.UserName0
,v_GS_AntimalwareHealthStatus.ProductStatus
,v_GS_AntimalwareHealthStatus.AntivirusEnabled
,v_GS_AntimalwareHealthStatus.AntispywareEnabled
,v_GS_AntimalwareHealthStatus.EngineVersion
,v_GS_AntimalwareHealthStatus.LastQuickScanDateTimeStart
,v_GS_AntimalwareHealthStatus.AntivirusSignatureAge
,v_GS_AntimalwareHealthStatus.AntivirusSignatureVersion
,v_GS_AntimalwareHealthStatus.Version
,v_ClientCollectionMembers.CollectionID
,v_CH_ClientSummary.LastActiveTime
,v_CH_ClientSummary.LastStatusMessage
,v_GS_AntimalwareHealthStatus.LastFullScanDateTimeStart
,v_GS_AntimalwareHealthStatus.LastQuickScanDateTimeEnd
,v_GS_AntimalwareHealthStatus.LastFullScanDateTimeEnd
,v_GS_AntimalwareHealthStatus.AntivirusSignatureUpdateDateTime
,v_GS_AntimalwareHealthStatus.AntispywareSignatureUpdateDateTime
,v_GS_AntimalwareHealthStatus.AntispywareSignatureVersion
I have noticed this issues The username is sometimes filled with NT AUTHORITY\SYSTEM and sometimes it is blank.
Any suggestions? Thank you in advance, Peter