Automating the FEP Dashboard

Applies To: Forefront Endpoint Protection

You can use the Configuration Manager Windows Management Instrumentation (WMI) provider to automate retrieval of FEP dashboard information. The FEP dashboard displays important information about the security of your organization, such as the number of deployed clients, definition deployment status, number of client computers infected, and number of client computers with malware removed.

Each dashboard data set is represented by a Configuration Manager collection. The following example script demonstrates how to obtain a count of computers that belong to a specified collection.

Prerequisites

In order to create a script similar to the example in this topic, you must have the following prerequisite software:

  • Windows PowerShell (either version 1.0 or 2.0)

The following table lists the Configuration Manager collections that are used to populate the data for the FEP dashboard. To retrieve the dashboard data via a script, you must specify the appropriate Configuration Manager collection in the script.

Dashboard Area                Collection Names

Deployment Status             Deployment Succeeded
                              Out of Date
                              Deployment Failed
                              Deployment Pending
                              Locally Removed
                              Not Targeted

Policy Distribution Status    Distribution Failed
                              Distribution in Progress
                              Policy Distributed

Definition Status             Up to Date
                              Up to 3 Days
                              Up to 7 Days
                              Older Than 1 Week

Malware Activity Status       Infected
                              Restart Required
                              Full Scan Required
                              Recent Activity

Health Status                 Protection Inactive
                              Not Reporting
                              Healthy

The following example script retrieves dashboard data from the FEP database for the specified collection.

function GetDashboardInfo(
    $ConfigMgrServer, # ConfigMgr WMI site provider to which to connect. e.g. MyServer
    $SiteCode,        # ConfigMgr site code. e.g. ABC
    $CollectionName)  # Collection name for which count of computers should be returned. e.g. Infected. Use the table above to determine the collection name to query.
{
    $ConfigMgrNamespace = "root\sms\site_$SiteCode"
    $ConfigMgrProviderPath = "\\" + (Join-Path $ConfigMgrServer $ConfigMgrNamespace)

    # Escape backslashes and single quotes so the name cannot break out of the WQL string literal
    $EscapedName = $CollectionName -replace '\\', '\\' -replace "'", "\'"

    # Get the SMS collection to query
    $Collection = Get-WmiObject -class "SMS_Collection" -filter "Name='$EscapedName'" -namespace $ConfigMgrNamespace -computername $ConfigMgrServer
    if (-not $Collection) { throw "Collection '$CollectionName' was not found in site $SiteCode" }

    # Get the SMS_Collection class
    $SmsCollectionClass = [WmiClass]($ConfigMgrProviderPath + ":SMS_Collection")
    $count = $SmsCollectionClass.GetNumResults($Collection).Result

    # Write-Host keeps the message out of the pipeline, so the function returns only the count
    Write-Host "Count of computers in $CollectionName is $count"

    return $count
}
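
The following added example (not part of the original topic) extends the single-collection query to every collection in the table above and returns one object per collection, so the whole dashboard can be exported or checked in one pass. The function name Get-FepDashboardSummary and the property names are hypothetical; the WMI calls are the same ones used in the script above.

```powershell
# Added example. Get-FepDashboardSummary is a hypothetical helper name.
function Get-FepDashboardSummary {
    param(
        [string]$ConfigMgrServer,  # ConfigMgr WMI site provider, e.g. MyServer
        [string]$SiteCode          # ConfigMgr site code, e.g. ABC
    )

    # Dashboard area and its collection names, copied from the table above.
    # The names are fixed literals without quotes, so no WQL escaping is needed.
    $areas = @(
        @('Deployment Status', @('Deployment Succeeded', 'Out of Date', 'Deployment Failed',
                                 'Deployment Pending', 'Locally Removed', 'Not Targeted')),
        @('Policy Distribution Status', @('Distribution Failed', 'Distribution in Progress', 'Policy Distributed')),
        @('Definition Status', @('Up to Date', 'Up to 3 Days', 'Up to 7 Days', 'Older Than 1 Week')),
        @('Malware Activity Status', @('Infected', 'Restart Required', 'Full Scan Required', 'Recent Activity')),
        @('Health Status', @('Protection Inactive', 'Not Reporting', 'Healthy'))
    )

    $namespace = "root\sms\site_$SiteCode"
    $smsCollectionClass = [WmiClass]("\\" + $ConfigMgrServer + "\" + $namespace + ":SMS_Collection")

    foreach ($area in $areas) {
        $areaName = $area[0]
        foreach ($name in $area[1]) {
            $collection = Get-WmiObject -Class "SMS_Collection" -Filter "Name='$name'" `
                -Namespace $namespace -ComputerName $ConfigMgrServer | Select-Object -First 1

            # A missing collection is reported as $null rather than 0,
            # so it is not mistaken for "no computers"
            $count = $null
            if ($collection) { $count = $smsCollectionClass.GetNumResults($collection).Result }

            $row = New-Object PSObject
            $row | Add-Member -MemberType NoteProperty -Name Area -Value $areaName
            $row | Add-Member -MemberType NoteProperty -Name Collection -Value $name
            $row | Add-Member -MemberType NoteProperty -Name Computers -Value $count
            $row
        }
    }
}

# Usage against a real site (MyServer and ABC are placeholders):
#   $summary = Get-FepDashboardSummary -ConfigMgrServer MyServer -SiteCode ABC
#   $summary | Format-Table -AutoSize
#   $summary | Where-Object { $_.Collection -eq 'Infected' -and $_.Computers -gt 0 }
```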