Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

image.png

Why would a "snapshot" query tell me that the antivirus and firewall are both on and off at the same time? That doesn't make any sense!!!!

Maybe there's 2 firewalls and 2 antivirus? Idk, that is a confusing output. We'll look into it

I think Seph answered this in the <#C08V7KTJB|general> channel. Will follow there

<@U01T0F0MH0V> you were spot on, turns out as the user had installed Bitdefender, it was reporting as Bitdefender on, Microsoft Defender off.

Oh wow, good to know! Thanks <@U01DFNXHY92> for figuring out yet another mystery!