Title
#fleet
a

Avik Sengupta

02/09/2022, 10:02 PM
Does anyone have a query or a policy handy that checks if windows defender is enabled on a machine? Thanks!
Noah Talerman

Noah Talerman

02/09/2022, 11:03 PM
@Guillaume IIRC you’re currently working on a policy that checks this or something like it.
Guillaume

Guillaume

02/09/2022, 11:04 PM
Yes! I am adding it to the Fleet website tomorrow. @Avik Sengupta I’m going to give you one that is a regular query, and another one that is a policy query:
11:04 PM
This one lets you query normally:
SELECT antivirus, signatures_up_to_date from windows_security_center CROSS JOIN windows_security_products WHERE type = 'Antivirus';
11:05 PM
This one is the policy query
SELECT 1 from windows_security_center CROSS JOIN windows_security_products WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1;`
a

Avik Sengupta

02/09/2022, 11:06 PM
Thanks a ton, that's perfect!
Guillaume

Guillaume

02/10/2022, 11:29 AM
You're welcome!