#fleet

Avik Sengupta

02/09/2022, 10:02 PM
Does anyone have a query or a policy handy that checks if Windows Defender is enabled on a machine? Thanks!

Noah Talerman

02/09/2022, 11:03 PM
@Guillaume IIRC you’re currently working on a policy that checks this or something like it.

Guillaume

02/09/2022, 11:04 PM
Yes! I am adding it to the Fleet website tomorrow. @Avik Sengupta I’m going to give you one that is a regular query, and another one that is a policy query:
This one lets you query normally:
SELECT antivirus, signatures_up_to_date from windows_security_center CROSS JOIN windows_security_products WHERE type = 'Antivirus';
This one is the policy query:
SELECT 1 from windows_security_center CROSS JOIN windows_security_products WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1;

Avik Sengupta

02/09/2022, 11:06 PM
Thanks a ton, that's perfect!

Guillaume

02/10/2022, 11:29 AM
You're welcome!