```WSC SECURITY PROVIDER WSC SECURITY PROVIDER ANTISPYWARE s osquery #windows

```WSC_SECURITY_PROVIDER::WSC_SECURITY_PROVIDER_AN...

defensivedepth

11/15/2021, 2:33 PM

Copy code

WSC_SECURITY_PROVIDER::WSC_SECURITY_PROVIDER_ANTISPYWARE should be used only in operating systems prior to Windows 10, version 1607. As of Windows 10, version 1607, WSC continues to track the status for antivirus, but not for anti-spyware.

Ran across that note here: https://docs.microsoft.com/en-us/windows/win32/api/wscapi/ne-wscapi-wsc_security_provider The antispyware column in this table relies on this: https://osquery.io/schema/5.0.1/#windows_security_center I have confirmed that on a Win10 v20H2, osquery still returns

Good

for this column. I am thinking we probably need to deprecate that column. Thoughts?

seph

11/17/2021, 3:43 AM

If the column is being deprecated, then we probably should deprecated it. Maybe we can conditionalize it on the OS? Is there a new way to get simialr info

defensivedepth

11/17/2021, 2:08 PM

The antiSpyware nomenclature is not used as much anymore. The industry typically refers to it all as

antimalware

defensivedepth

11/17/2021, 2:08 PM

so the short answer is that there is no replacement, I think we just need to remove the column

seph

11/17/2021, 3:00 PM

Open an issue. Or PR. I don’t have much to say about it really.

seph

11/17/2021, 3:00 PM

(Like, I’m sure you’re correct, but I don’t know the windows internals)

defensivedepth

11/29/2021, 2:39 PM

Created an issue - https://github.com/osquery/osquery/issues/7399

5 Views

Open in Slack

Previous Next