I am working on helpdesk remediation strategies for virus notifications. I have set up alerts and find that most viruses get cleaned, so the machine does not show up in the at-risk collection. I want to set up a collection where a machine is infected so my helpdesk can deploy a cleaning package if the machine cannot be replaced right away.
I have set up a device collection with the following criteria; however, I wanted to make sure this is correct.
Using the GUI, it is set to Criteria:
Antimalware Infection Status.ComputerStatus is equal to 2
The SQL view looks like this:
select SMS_R_SYSTEM.ResourceID,
       SMS_R_SYSTEM.ResourceType,
       SMS_R_SYSTEM.Name,
       SMS_R_SYSTEM.SMSUniqueIdentifier,
       SMS_R_SYSTEM.ResourceDomainORWorkgroup,
       SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_AntimalwareInfectionStatus
    on SMS_G_System_AntimalwareInfectionStatus.ResourceId = SMS_R_System.ResourceId
where SMS_G_System_AntimalwareInfectionStatus.ComputerStatus = 2
Just want to confirm if this looks correct. Running the query shows 1 machine I know to be cleaned but recently infected. However, it does not list a second machine listed in the infected computers report, though the report is looking at a week of data.