Does anyone have a query or a policy handy that checks if wi

Question

Does anyone have a query or a policy handy that checks if windows defender is enabled on a machine Thanks

Noah Talerman · Answer

< Guillaume> IIRC you re currently working on a policy that checks this or something like it

Guillaume · Answer

Yes I am adding it to the Fleet website tomorrow < Avik Sengupta> I m going to give you one that is a regular query and another one that is a policy query

Guillaume · Answer

This one lets you query normally `SELECT antivirus signatures up to date from windows security center CROSS JOIN windows security products WHERE type = Antivirus `

Guillaume · Answer

This one is the policy query ```SELECT 1 from windows security center CROSS JOIN windows security products WHERE antivirus = Good AND type = Antivirus AND signatures up to date=1 ````

Avik Sengupta · Answer

Thanks a ton that s perfect

Guillaume · Answer

You re welcome