We are excited to announce that we’ve added new Inventory to help provide extensive visibility into the built-in antivirus protection in macOS and Microsoft Windows. These are great for customers looking to pass SOC2 and other similar audits without needing to buy commercial antivirus.
XProtect is the primary component of macOS's built-in antivirus. It works with Gatekeeper to prevent users from executing known malicious binaries. Kolide could already enumerate XProtect's configuration, including its internal version, the hash of its signature files, and when they were last updated.
In addition to this visibility, Kolide can now collect the diagnostic reports XProtect emits when it blocks malware from executing.
These reports are beneficial because they can provide visibility into malware that may still be present on the device. They also provide you with a single pane of glass to view all detected threats in one place.
We’ve also added numerous new details about Windows Defender Antivirus, software that comes built into Microsoft Windows.
Previously, Kolide enumerated key details about antivirus through the Windows Security Center and Products APIs.
As with the XProtect reports, this information is helpful because it can provide visibility into malware that may still be present on the device. It also gives you a single pane of glass to view all detected threats in one place.
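To show what the Windows evidence described above looks like when gathered directly on an endpoint, here is an added PowerShell example. It is not Kolide's code and does not show how the Kolide agent collects this data; it queries the same two sources named in the post, the Windows Security Center (WSC) AntiVirusProduct provider and the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpThreatDetection, Get-MpThreat). It assumes a Windows 10/11 client in an elevated session. The decoding of the WSC productState field is the commonly used community interpretation, not a documented contract, and is labelled as such in the code.

```powershell
# Added example (not Kolide's code): gather built-in antivirus evidence on a
# Windows client from the Windows Security Center provider and the Defender
# cmdlets. Assumes Windows 10/11 and an elevated PowerShell session.

function Get-WscAntivirusStatus {
    # root/SecurityCenter2 is the WSC namespace on client SKUs; every
    # registered AV product (Defender or third party) appears here.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a packed integer. The decoding below is the widely
            # used community interpretation, NOT an official contract (assumption):
            #   middle byte 0x10/0x11 -> real-time protection enabled
            #   last byte   0x00      -> definitions up to date
            $hex = '{0:X6}' -f [int]$_.productState
            [pscustomobject]@{
                Product      = $_.displayName
                Enabled      = $hex.Substring(2, 2) -in @('10', '11')
                UpToDate     = $hex.Substring(4, 2) -eq '00'
                ProductState = "0x$hex"
                LastUpdated  = $_.timestamp
                Executable   = $_.pathToSignedProductExe
            }
        }
}

function Get-DefenderEvidence {
    # Engine and signature state straight from Defender, the fields an
    # auditor usually asks for.
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        ServiceRunning       = $status.AMServiceEnabled
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        SignatureVersion     = $status.AntivirusSignatureVersion
        SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
        SignatureAgeDays     = $status.AntivirusSignatureAge
        LastQuickScanEnded   = $status.QuickScanEndTime
    }
}

function Get-DefenderDetections {
    # Detection history: what was caught, in which process/files, and whether
    # the remediation action succeeded. Joined to Get-MpThreat for the name.
    $threats = Get-MpThreat
    Get-MpThreatDetection | ForEach-Object {
        $detection = $_
        $threat = $threats | Where-Object { $_.ThreatID -eq $detection.ThreatID }
        [pscustomobject]@{
            Detected  = $detection.InitialDetectionTime
            Threat    = $threat.ThreatName
            Severity  = $threat.SeverityID
            Process   = $detection.ProcessName
            Resources = ($detection.Resources -join '; ')
            Cleaned   = $detection.ActionSuccess
        }
    } | Sort-Object Detected -Descending
}

# Usage: print the three views; pipe to Export-Csv to keep them as audit evidence.
Get-WscAntivirusStatus | Format-Table -AutoSize
Get-DefenderEvidence   | Format-List
Get-DefenderDetections | Format-Table -AutoSize
```

A detection that shows Cleaned = False, or a product row with Enabled = False, is exactly the condition the post means by "malware that may still be present on the device" and is worth treating as an open item rather than a historical record.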
We collect this data by default. If you don’t want to collect this data from your Windows devices, you can also take advantage of our data collection opt-out feature.