Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Get started Guides Vitals Queries Policies Software Data tables API SUPPORT Chat Contribute Release notes "Why is Fleet on my computer?" Get your license
Stories
What people are saying News Ask around Take a tour Meetups COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself
Get antivirus status from the Windows Security Center

Get antivirus status from the Windows Security Center

Selects the antivirus and signatures status from Windows Security Center.

To learn more about queries, check this guide

SELECT antivirus, signatures_up_to_date from windows_security_center CROSS JOIN windows_security_products WHERE type = 'Antivirus';
$avProducts = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue $results = foreach ($av in $avProducts) {
    # Extract signature status from productState. Note: this interpretation may vary between AV products.
    # The productState is a 32-bit integer. Shifting right 16 bits isolates the signature status.
    $sigStatus = ($av.productState -shr 16) -band 0xFF
    # Conventionally, a value of 16 (0x10) indicates signatures are up to date.
    $signaturesUpToDate = ($sigStatus -eq 16)
    [PSCustomObject]@{
        antivirus              = $av.displayName
        signatures_up_to_date  = $signaturesUpToDate
    }
} $results | Format-Table -AutoSize
An icon indicating that this section has important information

PowerShell commands are currently work in progress, contributions welcome.

Platform

macOS Windows Linux ChromeOS
Suggest an editEdit