I do not need a solution (just sharing information)
Hello, I've been tasked with reporting on our exceptions, and because we support a large number of users and applications, we support hundreds of them. This function can report on thousands of exceptions in just a few seconds, and you could output the results to a CSV if you wanted.
You'll need to provide credentials which both have access to the server hosting the SEPM and read access to the database (I strongly recommend against using an account with write access, such as the SEPM's database account).
Example: Get-SEPMExclusions | export-csv c:\temp\yourfile.csv
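Function Get-SEPMExclusions {
    <#
    .SYNOPSIS
    Queries a Symantec Endpoint Protection Manager for exceptions.
    .DESCRIPTION
    Queries a Symantec Endpoint Protection Manager for exceptions. To format output, you can update formatdata for "SEP.Exclusion"

    The query runs on the SEPM host through Invoke-Command and opens the
    "sem5" database on LocalHost with Trusted_Connection=True, so the database
    login is the Windows identity of the supplied credential.
    .PARAMETER ServerName
    The name of the SEPM you want to query.
    .PARAMETER Credential
    A credential object with credentials with both remote access to the server and read access to the SEP database
    .EXAMPLE
    Get-SEPMExclusions <your sepm hostname> -Credential <credential object>
    Connect with a credential object.
    .EXAMPLE
    Get-SEPMExclusions <your sepm hostname>
    Connect with prompt for credentials.
    .NOTES
    The output lists the paths and extensions that are excluded from scanning.
    Keep exported copies (for example a CSV) under the same access restrictions
    as the SEPM itself.
    #>
    param (
        [Parameter(Mandatory=$true)]
        [Alias('Name','ComputerName')]
        [string]$ServerName,

        [Parameter(Mandatory=$true)]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential
    )

    begin {
        # Plain assignment: the original used "+=" on a variable this function
        # never initialised, so a $Parm left in a parent scope could leak in.
        $invokeParams = @{ComputerName = $ServerName; Credential = $Credential}

        # The statement is a fixed string; no caller-supplied value is placed in it.
        # NOTE(review): the filter is DELETED = 1 exactly as posted. If that column
        # marks removed policies, a report of active exceptions would need 0. Confirm
        # against the SEPM schema before relying on the result.
        # The closing "@ of a here-string must start its own line.
        $query = @"
SELECT e.NAME
,CONVERT(varchar(max),CONVERT(varbinary(max),e.CONTENT)) as XML
,e.DESCRIPTION
,s.NAME as DOMAIN
FROM BASIC_METADATA e WITH(NOLOCK)
INNER JOIN IDENTITY_MAP s
ON s.DOMAIN_ID=e.DOMAIN_ID
WHERE e.TYPE = 'PolicyOverride' AND E.DELETED = 1 AND s.TYPE = 'SemDomain'
"@
        $connectionString = "Server=LocalHost;Database=sem5;Trusted_Connection=True;"
    }

    process {}

    end {
        # Runs on the SEPM host; only the query text and connection string are sent.
        $table = Invoke-Command -HideComputerName @invokeParams -ArgumentList $query,$connectionString -ScriptBlock {
            param($query,$connectionString)
            $connection = New-Object System.Data.SqlClient.SqlConnection
            $connection.ConnectionString = $connectionString
            try {
                $connection.Open()
                $command = $connection.CreateCommand()
                $command.CommandText = $query
                $result = $command.ExecuteReader()
                $table = New-Object "System.Data.DataTable"
                $table.Load($result)
                $table
            }
            finally {
                # Close even when Open() or the query throws, so a failed run
                # does not leave a connection open on the SEPM host.
                $connection.Close()
            }
        }

        foreach ($item in $table) {
            # Each row carries one policy's XML. Emit one object per SecurityRiskOverride.
            ([xml]($item.XML)).PolicyOverride.OverrideItem.SecurityRiskOverride | ForEach-Object {
                # Inside ForEach-Object, "return" skips to the next input item.
                if ($null -eq $PSItem.InnerXml) { return }

                # PSTypeName puts "SEP.Exclusion" first in TypeNames, as the original
                # did with TypeNames.Insert(0, ...), so format data keyed on it still applies.
                [pscustomobject]@{
                    PSTypeName            = 'SEP.Exclusion'
                    Domain                = $item.DOMAIN
                    Name                  = $item.Name
                    # Tag name of the first child element. The posted code split on an
                    # empty string, which always produced an empty first element.
                    # NOTE(review): the separator was presumably lost when the post was
                    # rendered. Confirm this matches the author's intent.
                    ExclusionType         = ($PSItem.InnerXml -split '[\s/>]' -replace '<')[0]
                    XML                   = $PSItem.InnerXml
                    Path                  = $PSItem.DirectoryOverride.DirectoryPath,$PSItem.FileOverride.FilePath -join $null
                    # NOTE(review): $PSItem.FilePath is read from the override element itself
                    # rather than from FileOverride. Kept as posted; verify it is intended.
                    ExcludeSubDirectories = $PSItem.DirectoryOverride.ExcludeSubDirectories,$PSItem.FilePath -join $null
                    Prefix                = $PSItem.DirectoryOverride.PrefixVariable
                    ScanType              = ( $PSItem.FileOverride.ProtectionTechnology.ScanType,$PSItem.DirectoryOverride.ScanType,$PSItem.Extension.ScanType | Where-Object {$_ -ne $null} ) -join ","
                    Extension             = $PSItem.InnerText
                }
            }
        }
    }
}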