I have a request for a report to get the list of Excluded files and folders / file types and processes of SCCM Antimalware Policy. I found a lot of information, but not those ones.
EDIT: sorry, can't post the associated picture, can be found here: https://i.sstatic.net/65Q66chB.png
and I didn't see any views like 'v_AM_ExcludedFilePaths' may be a right issue on database ?
thanks in advance PS: seems using the MCM 2309 release
As far as I can tell (we don't really use EP) the configs are stored in
vSMS_AntimalwareConfig with the ConfigID Taken from vSMS_AntimalwareSettings and the PropertyName you are looking for is ExcludedFilePaths. So a query like this:
SELECT amc.PropertyName, amc.XmlValue FROM vSMS_AntimalwareSettings ams
left join vSMS_AntimalwareConfig amc on amc.SettingsID = ams.ID
where ams.Name = '<your policy name>' and amc.PropertyName like 'Exclude%'
should work. Of course this is in XML form so not ideal for a report. So you probably have to do something like this:
SELECT amc.PropertyName, amc.XmlValue, tag.name.value('.','nvarchar(max)') AS ExcludedPaths FROM vSMS_AntimalwareSettings ams
LEFT JOIN vSMS_AntimalwareConfig amc on amc.SettingsID = ams.ID
OUTER APPLY amc.XmlValue.nodes('/StringArrayXML/Value') tag(name)
WHERE ams.Name = '<your policy name>' AND amc.PropertyName = 'ExcludedFilePaths'
(I'm not super knowledgeable with those XML transformations so maybe there is a better way)