Does anyone have a query or a policy handy that ch...
# fleeta
Avik Sengupta
02/09/2022, 10:02 PMDoes anyone have a query or a policy handy that checks if windows defender is enabled on a machine? Thanks!
n
Noah Talerman
02/09/2022, 11:03 PM@Guillaume IIRC you’re currently working on a policy that checks this or something like it.
g
Guillaume
02/09/2022, 11:04 PMYes! I am adding it to the Fleet website tomorrow. @Avik Sengupta I’m going to give you one that is a regular query, and another one that is a policy query:
Guillaume
02/09/2022, 11:04 PMThis one lets you query normally:
SELECT antivirus, signatures_up_to_date from windows_security_center CROSS JOIN windows_security_products WHERE type = 'Antivirus';ty 1
Guillaume
02/09/2022, 11:05 PMThis one is the policy query
Copy code
SELECT 1 from windows_security_center CROSS JOIN windows_security_products WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1;`ty 1
a
Avik Sengupta
02/09/2022, 11:06 PMThanks a ton, that's perfect!
g
Guillaume
02/10/2022, 11:29 AMYou're welcome!
5 Views