Long shot but here goes...
We are an Enterprise using SEP 12. A number of critical servers had problems with SEP so the decision was made to move to an unmanaged non enterprise AV platform, MS Security Essentials.
I want to at least have assurance that the AV is being updated so want to create an envision report to accomplish this. I've added the impacted servers and can see Microsoft Antimalware references if I run a Event Viewer-Message View and filter on this. I see all references to Microsoft Antimalware here. I've added a sample below.
|xx.xx.xx.xx||%NICWIN-4-System_2001_Microsoft: System,rn=6007 cid=0x00000000 eid=0x000007d1,Mon Jul 15 22:11:01 2013,2001,Microsoft Antimalware,None,Error,Servername,None,,Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:%b Previous Signature Version:%b1.153.1309.0 Update Source:%bMicrosoft Update Server Update Stage:%bSearch Source Path:%bhttp://www.microsoft.com Signature Type:%bAntiVirus Update Type:%bFull User:%bNT AUTHORITY \\SYSTEM Current Engine Version:%b Previous Engine Version:%b1.1.9607.0 Error code:%b0x80072efd Error description:%bA connection with the server could not be established|
When I try and create a new Query I cannot find any of the Microsoft Antimalware references when running it under the 'Windows' table. Is there any other location that I should be looking for this information. Am hoping someone else has come across this problem before.