WSC_SECURITY_PROVIDER::WSC_SECURITY_PROVIDER_ANTISPYWARE should be used only in operating systems prior to Windows 10, version 1607. As of Windows 10, version 1607, WSC continues to track the status for antivirus, but not for anti-spyware.

Ran across that note here: https://docs.microsoft.com/en-us/windows/win32/api/wscapi/ne-wscapi-wsc_security_provider The antispyware column in this table relies on this: https://osquery.io/schema/5.0.1/#windows_security_center I have confirmed that on a Win10 v20H2, osquery still returns

Good

for this column. I am thinking we probably need to deprecate that column. Thoughts?

If the column is being deprecated, then we probably should deprecated it. Maybe we can conditionalize it on the OS? Is there a new way to get simialr info

The antiSpyware nomenclature is not used as much anymore. The industry typically refers to it all as

antimalware

Open an issue. Or PR. I don’t have much to say about it really.

Created an issue - https://github.com/osquery/osquery/issues/7399