New Inventory: Windows Defender and XProtect Reports
We are excited to announce that we’ve added new Inventory to help provide extensive visibility into the built-in antivirus protection in macOS and Microsoft Windows. These are great for customers looking to pass SOC2 and other similar audits without needing to buy commercial antivirus.
XProtect is the primary component of macOS’ built-in antivirus apparatus. It works with Gatekeeper to prevent users from executing known malicious binaries. Previously, Kolide could enumerate XProtect’s configuration, including its internal version, the hash of the signature files, and when they were last updated.
In addition to this visibility, Kolide can now collect the diagnostic reports XProtect emits when it blocks malware from executing.
These reports are beneficial because they can provide visibility into malware that may still be present on the device. They also provide you with a single pane of glass to view all detected threats in one place.
We’ve also added numerous new details about Windows Defender Antivirus, software that comes built into Microsoft Windows.
Previously, Kolide enumerated key details about antivirus through the Windows Security Center and Products APIs.
While this is helpful, we wanted to go a step further and provide significant detail around the operating status of Windows Defender and also enumerate any threats discovered during scans.
Again, like the XProtect Reports, this information is helpful because it can provide visibility into malware that may still be present on the device. It also provides you with a single pane of glass to view all detected threats in one place.
Privacy Center & Data Collection
As with all of our device properties, we have documented in the Privacy Center the purpose, privacy information, and a representative example of the data set a device will return.
We collect this data by default. If you don’t want to collect this data from your Windows devices, you can take advantage of our data collection opt-out feature.