You can use a Live Query SQL script to determine current status of background scans on Windows endpoints.
See Background Scans.
This query leverages Audit and Remediation to query the Windows event log. The query displays the latest Endpoint Standard background scan status. The background scan status event is sent to the Windows event viewer every time the system reboots.
Procedure
- On the left navigation pane, click Live Query>New Query and then click the SQL Query tab.
- Add a Query name, such as, Background Scan Status Check.
- Add the following SQL code and then click Run.
SELECT
CASE
WHEN data like "%IN_PROGRESS%" then "IN PROGRESS"
WHEN data like "%COMPLETE%" then "COMPLETE"
WHEN data like "%DISABLED%" then "DISABLED"
END "Background Scan Status"
, MAX(DATETIME(datetime)) AS "Scan Status Update Date and Time"
FROM
windows_eventlog where channel = 'Application' and eventid = '17' and data like '%BACKGROUND_SCAN%';
- In Live Query>Query Results, find and select the name of the query you created in Step 2.
Results
What The Data Shows: The query results display the latest background scan status (in progress, complete, disabled) as well as the date and time that the scan event was registered.