Hi. My organization has this weird audit requirement to monitor SEP(Symantec Endpoint Protection) full scan not completed within the last 2 weeks. To my SCOM knowledge, I know there should probably be 2 ways to go about doing this;
1. log file monitoring based on event logs (Event ID 2: scan complete)
2. custom script
However I don't think i can configure the monitoring to check if the scan was done last 2 weeks if i do it by no.1. As such I am seeking advice on this and if anyone has any idea on the custom script.
P.s I tried to search for SEP management pack as well but can't seem to find any link to download. Not sure if the MP would help anyway.
Thanks in advance!