You can run an SQL query against the ePO server database to obtain a list of current Exploit Prevention content signatures checked in to the ePO repository.
NOTE: It's recommended that you back up the SQL database before running any queries or updates against it.
To query the ePO database for ENS Threat Prevention content signatures:
- Open SQL Server Query Analyzer or SQL Server Management Studio.
- Select the ePO database in the database drop-down list.
- Copy and paste the following SQL statement into the query window:
SELECT EPOPolicySettingsMT.Name as 'Exploit Prevention Signature Name', EPOPolicySettingValuesMT.SettingValue as 'Associated CVE Numbers'FROM EPOPolicySettingsMT INNER JOIN
EPOPolicySettingValuesMT ON EPOPolicySettingsMT.PolicySettingsID = EPOPolicySettingValuesMT.PolicySettingsID
WHERE (EPOPolicySettingValuesMT.SettingValue LIKE '%cve%') AND (EPOPolicySettingsMT.Name LIKE N'BufferOverflowXP%' or EPOPolicySettingsMT.Name LIKE N'McAfee Default::Settings%')
- Click Execute.
- Right-click to save the results into the file format of your choice.