defensivedepth
11/15/2021, 2:33 PMWSC_SECURITY_PROVIDER::WSC_SECURITY_PROVIDER_ANTISPYWARE should be used only in operating systems prior to Windows 10, version 1607. As of Windows 10, version 1607, WSC continues to track the status for antivirus, but not for anti-spyware.
Ran across that note here: https://docs.microsoft.com/en-us/windows/win32/api/wscapi/ne-wscapi-wsc_security_provider
The antispyware column in this table relies on this: https://osquery.io/schema/5.0.1/#windows_security_center
I have confirmed that on a Win10 v20H2, osquery still returns Good
for this column.
I am thinking we probably need to deprecate that column. Thoughts?seph
11/17/2021, 3:43 AMdefensivedepth
11/17/2021, 2:08 PMantimalware
seph
11/17/2021, 3:00 PMdefensivedepth
11/29/2021, 2:39 PM