Title
#windows
defensivedepth

defensivedepth

11/15/2021, 2:33 PM
WSC_SECURITY_PROVIDER::WSC_SECURITY_PROVIDER_ANTISPYWARE should be used only in operating systems prior to Windows 10, version 1607. As of Windows 10, version 1607, WSC continues to track the status for antivirus, but not for anti-spyware.
Ran across that note here: https://docs.microsoft.com/en-us/windows/win32/api/wscapi/ne-wscapi-wsc_security_provider The antispyware column in this table relies on this: https://osquery.io/schema/5.0.1/#windows_security_center I have confirmed that on a Win10 v20H2, osquery still returns
Good
for this column. I am thinking we probably need to deprecate that column. Thoughts?
s

seph

11/17/2021, 3:43 AM
If the column is being deprecated, then we probably should deprecated it. Maybe we can conditionalize it on the OS? Is there a new way to get simialr info
defensivedepth

defensivedepth

11/17/2021, 2:08 PM
The antiSpyware nomenclature is not used as much anymore. The industry typically refers to it all as
antimalware
2:08 PM
so the short answer is that there is no replacement, I think we just need to remove the column
s

seph

11/17/2021, 3:00 PM
Open an issue. Or PR. I don’t have much to say about it really.
3:00 PM
(Like, I’m sure you’re correct, but I don’t know the windows internals)
defensivedepth

defensivedepth

11/29/2021, 2:39 PM