Please refer to the script below to monitor when a restore point is created on your system.
This script displays an alert when a restore point is created and shows information such as the time the restore point was created and further details.
Please run the script as system administrator.
# The script is a template to check UAC status on device.
import os
import sys
import _winreg
def alert(arg):
    """Write the monitor flag to stderr as one digit repeated three times.

    alert(1) writes "111" and alert(0) writes "000"; per the template
    comments, 1 turns the monitor on and 0 turns it off.
    """
    flag = "%d" % arg
    sys.stderr.write(flag * 3)
# Please use "alert(1)" to turn on the monitor(trigger an alert)
# Please use "alert(0)" to turn off the monitor(disable an alert)
# Please do not change above block and write your script below
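def res():
    """Alert when event ID 8194 is among the 30 newest Application log records.

    Prints the current user name and the local outbound IP address, then
    queries the Application log with wevtutil. If an "Event ID: 8194" record
    is present, calls alert(1), prints the success message and dumps the
    children of the newest matching event's <System> element. Otherwise
    prints the failure message and calls alert(0).

    NOTE(review): the match is on the event ID alone. Other providers can log
    the same ID in the Application log (VSS is known to use 8194 for a writer
    callback error), so check the Provider line in the printed details before
    treating an alert as a restore point.
    """
    import getpass
    import os
    import re
    import socket
    import xml.etree.ElementTree as ET

    print("USER NAME: " + getpass.getuser())

    # connect() on a UDP socket sends no packet; it only makes the OS pick the
    # outbound interface, whose address is then read back.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("8.8.8.8", 80))
        print("IP-ADDRESS : " + s.getsockname()[0])
    except socket.error:
        # The address is informational only; a host without a route must
        # still reach the event-log check below.
        print("IP-ADDRESS : unavailable")
    finally:
        s.close()

    event_logs = os.popen('wevtutil qe Application /f:text /c:30 /rd:True').read()
    if re.search(r'Event ID: 8194\b', event_logs) is None:
        # Means only that no 8194 record is among the 30 newest entries.
        print('Failed to created restore point')
        alert(0)
        return

    alert(1)
    print(' Successfully created restore point')

    # Let wevtutil select the event by ID. The XML rendering does not contain
    # the text "Event ID: 8194", so a findstr pipe on that text cannot pick
    # the right record and could return another event or nothing.
    newest = os.popen(
        'wevtutil qe Application /q:"*[System[(EventID=8194)]]" /f:xml /c:1 /rd:True'
    ).read()
    found = re.search(r'<System>.*?</System>', newest, re.S)
    if found is None:
        print('Event details could not be read')
        return

    print("\n")
    print('Here are the following details :')
    print("\n")
    system_node = ET.fromstring(found.group())
    # Iterate the element directly; getchildren() is gone from newer Pythons.
    for child in system_node:
        if child.attrib:
            print("%s %s" % (child.tag, child.attrib))
        elif child.text is not None:
            print("%s %s" % (child.tag, child.text))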
# Entry point: run the restore-point check once each time the script is executed.
res()
Sample Output:
20170615-restore_k.json (2.51 KB)