WD - MSE - SCEP - Microsoft Antimalware Audit - Windows
Versioning - This is the latest version.
1 | WD - MSE - SCEP - Microsoft Antimalware Audit - Windows | 1/30/2014 1:56:11 PM
2 | WD - MSE - SCEP - Microsoft Antimalware Audit - Windows | 1/30/2014 3:02:55 PM
Description
Windows XP through Windows 7: Microsoft Security Essentials
Windows 8 and higher: Windows Defender
Managed version: System Center Endpoint Protection, formerly Forefront
Windows Vista and Windows 7 also have a component called "Windows Defender", which is much more limited than MSE. Windows 8 rolls both of these 'products' into one name.
Latest Version of this Analysis can be found here: http://bigfix.me/analysis/details/2994633
Property Details
2994634
Alpha - Code that was just developed
WD - MSE - SCEP - Microsoft Antimalware Audit - Windows
BESC
jgstew on 1/30/2014 3:02:55 PM
jgstew on 1/30/2014 3:02:55 PM
10560 Views / 44 Downloads
Properties
ProductType
Period
2 days

values "ProductType" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
AntiSpywareDisabled?
Period
2 days

values "DisableAntiSpyware" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
File Versions
Period
2 days

(multiplicity of it, it) of unique values of versions of files whose(exists version of it) of folders ((if (version of client < "8.1") then it else if (x64 of operating system) then (expand x64 environment string of it) else (expand environment string of it)) of ((preceding texts of lasts "\" of (it as string)) of values "RemediationExe" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)))
Folder
Period
2 days

((if (version of client < "8.1") then it else if (x64 of operating system) then (expand x64 environment string of it) else (expand environment string of it)) of ((preceding texts of lasts "\" of (it as string)) of values "RemediationExe" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)))
#Days To Delete Quarantined
Period
2 days

(values "PurgeItemsAfterDelay" of keys "Quarantine" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry))
ReportUnknownsToMS?
Period
2 days

/* http://technet.microsoft.com/en-us/library/bb418859.aspx */ (unique values of (it as string) of values "SpyNetReporting" of keys "Spynet" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry))
AntiMalware Def. Version
Period
2 days

unique values of (it as string) of values whose(name of it = "ASSignatureVersion" OR name of it = "AVSignatureVersion") of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
AntiMalware Engine Version
Period
2 days

unique values of (it as string) of values "EngineVersion" of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
NetIntrusion Engine Version
Period
2 days

unique values of (it as string) of values "NISEngineVersion" of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
NetIntrusion Def. Version
Period
2 days

unique values of (it as string) of values "NISSignatureVersion" of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
Relevance
Windows Only (Relevance 2997197)

/* Windows Only */ windows of operating system

/* Windows Vista or Higher */ version of operating system >= "6.0"
Used in 2 analyses

( /* Check for MSE/SCEP install */ (exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" of native registry) OR (exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry)) OR (/* Windows 8 or Higher has it built in */ version of operating system >= "6.2")
Comments
https://technet.microsoft.com/en-us/library/ff715412.aspx