Changelog

New Inventory: Windows Defender and XProtect Reports

May 5th, 2022

We are excited to announce new Inventory that gives you extensive visibility into the antivirus protection built into macOS and Microsoft Windows. It is especially useful for customers who want to pass SOC 2 and similar audits without buying a commercial antivirus product.

XProtect Reports

XProtect is the primary component of macOS’s built-in antivirus. It works with Gatekeeper to block known malicious binaries when a user tries to open them. Previously, Kolide could enumerate XProtect’s configuration: its internal version, the hash of its signature files, and when those files were last updated.

In addition to this visibility, Kolide can now collect the diagnostic reports XProtect emits when it blocks malware from executing.
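The XProtect facts described above can be pulled from a Mac with osquery, the open-source agent that Kolide’s own agent is built on. The queries below are an added example written for this post, not Kolide’s own queries; the table names come from osquery’s macOS schema, and the XProtect bundle path is assumed to be the macOS 10.15-and-later location.

```sql
-- Added example: osquery queries (run with `osqueryi` on macOS) for the
-- XProtect details discussed above. Not Kolide's own queries.

-- XProtect's internal version, read from the bundle's Info.plist.
-- Assumed path: the bundle location on macOS 10.15 and later.
SELECT value AS xprotect_version
FROM plist
WHERE path = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist'
  AND key = 'CFBundleShortVersionString';

-- SHA-256 and last-modified time of the signature files. The `file` table
-- supplies the paths; the `hash` table hashes each one.
SELECT f.filename,
       h.sha256,
       datetime(f.mtime, 'unixepoch') AS modified_utc
FROM file AS f
JOIN hash AS h USING (path)
WHERE f.directory = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Resources'
  AND f.filename IN ('XProtect.plist', 'XProtect.yara', 'XProtect.meta.plist');

-- The individual malware definitions XProtect is currently enforcing.
SELECT name, launch_type, identity, filename
FROM xprotect_entries;

-- The diagnostic reports XProtect writes when it blocks something:
-- what was blocked, what the user chose to do, and when.
SELECT name, user_action, time
FROM xprotect_reports
ORDER BY time DESC;
```

The last query is the one that corresponds to the new XProtect Reports inventory; the first three correspond to the configuration details Kolide already collected. Because `xprotect_reports` reads per-user diagnostic report directories, run it with enough privilege to read every user’s `~/Library/Logs`.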

[Screenshot: what a user sees when XProtect blocks malware from executing.]

These reports are valuable because they surface malware that may still be present on the device, and they give you a single place to review every threat XProtect has detected across your fleet.

Windows Defender

We’ve also added numerous new details about Windows Defender Antivirus, the antivirus built into Microsoft Windows.

Previously, Kolide enumerated key details about antivirus through the Windows Security Center and Products APIs.

The Security Center API results are visualized as widgets on the device details page.

While this is helpful, the Security Center APIs only report whether a product is registered, enabled, and up to date. We wanted to go a step further: provide detail on the operating status of Windows Defender itself, and enumerate any threats it discovered during scans.
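As with the macOS example, the Windows facts discussed above can be pulled with osquery. These queries are an added example written for this post, not Kolide’s own queries. The table names are from osquery’s Windows schema; the Defender service names, event log channel, and event IDs are the ones Microsoft documents, and are assumptions as far as this post is concerned.

```sql
-- Added example: osquery queries (run with `osqueryi` on Windows) for the
-- antivirus details discussed above. Not Kolide's own queries.

-- Overall Security Center health, the same data the widgets summarise.
SELECT antivirus, antispyware, firewall, autoupdate
FROM windows_security_center;

-- Every antivirus product registered with Security Center (Defender or
-- third-party), with its enabled state and signature currency.
SELECT name, type, state, signatures_up_to_date, state_timestamp
FROM windows_security_products
WHERE type = 'Antivirus';

-- Operating status of Defender's own services (assumed service names:
-- WinDefend = antivirus engine, WdNisSvc = network inspection).
SELECT name, display_name, status, start_type
FROM services
WHERE name IN ('WinDefend', 'WdNisSvc');

-- Threats Defender has logged. Assumed Microsoft-documented IDs:
-- 1116 = malware detected, 1117 = action taken on the detection.
SELECT datetime, eventid, data
FROM windows_eventlog
WHERE channel = 'Microsoft-Windows-Windows Defender/Operational'
  AND eventid IN (1116, 1117)
ORDER BY datetime DESC;
```

The first two queries cover what Security Center already exposed; the last two cover the new ground, Defender’s running state and its detection history. A machine where `windows_security_products` reports Defender as `On` but `WinDefend` is `STOPPED`, or where 1116 events have no matching 1117, is worth a closer look.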

As with the XProtect Reports, this information is helpful because it surfaces malware that may still be present on the device, and it gives you a single place to review every detected threat.

Privacy Center & Data Collection

As with all of our device properties, the Privacy Center documents the purpose of this data, its privacy implications, and a representative example of what a device returns.

We collect this data by default. If you don’t want to collect it from your Windows devices, you can use our data collection opt-out feature.
