WD - MSE - SCEP - Microsoft Antimalware Audit - Windows

Versioning - This is the latest version.

1  WD - MSE - SCEP - Microsoft Antimalware Audit - Windows  1/30/2014 1:56:11 PM
2  WD - MSE - SCEP - Microsoft Antimalware Audit - Windows  1/30/2014 3:02:55 PM

Description

Windows XP through Windows 7:  Microsoft Security Essentials

Windows 8 and higher:  Windows Defender

Managed version:  System Center Endpoint Protection, formerly Forefront

Windows Vista and Windows 7 also include a component called "Windows Defender", which is much more limited than MSE. Windows 8 rolls both of these 'products' into one name.

 

Latest Version of this Analysis can be found here:  http://bigfix.me/analysis/details/2994633


Property Details

ID 2994634
Status Alpha - Code that was just developed
Title WD - MSE - SCEP - Microsoft Antimalware Audit - Windows
Domain BESC
Added by on 1/30/2014 3:02:55 PM
Last Modified by on 1/30/2014 3:02:55 PM
Counters 1670 Views / 18 Downloads

Properties

ProductType
Period 2 days
 
values "ProductType" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
AntiSpywareDisabled?
Period 2 days
 
values "DisableAntiSpyware" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
File Versions
Period 2 days
 
(multiplicity of it, it) of unique values of versions of files whose(exists version of it) of folders ((if (version of client < "8.1") then it else if (x64 of operating system) then (expand x64 environment string of it) else (expand environment string of it)) of ((preceding texts of lasts "\" of (it as string)) of values "RemediationExe" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)))
Folder
Period 2 days
 
((if (version of client < "8.1") then it else if (x64 of operating system) then (expand x64 environment string of it) else (expand environment string of it)) of ((preceding texts of lasts "\" of (it as string)) of values "RemediationExe" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)))
#Days To Delete Quarantined
Period 2 days
 
(values "PurgeItemsAfterDelay" of keys "Quarantine" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry))
ReportUnknownsToMS?
Period 2 days
 
/* http://technet.microsoft.com/en-us/library/bb418859.aspx */ (unique values of (it as string) of values "SpyNetReporting" of keys "Spynet" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry))
AntiMalware Def. Version
Period 2 days
 
unique values of (it as string) of values whose(name of it = "ASSignatureVersion" OR name of it = "AVSignatureVersion") of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
AntiMalware Engine Version
Period 2 days
 
unique values of (it as string) of values "EngineVersion" of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
NetIntrusion Engine Version
Period 2 days
 
unique values of (it as string) of values "NISEngineVersion" of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)
NetIntrusion Def. Version
Period 2 days
 
unique values of (it as string) of values "NISSignatureVersion" of keys "Signature Updates" of (keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry ; keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" of native registry)

Relevance

Windows Only (Relevance 2997197)
Used in 6447 fixlets and 32 analyses
/* Windows Only */ windows of operating system
Used in 12 fixlets and 8 analyses
/* Windows Vista or Higher */ version of operating system >= "6.0"
Used in 2 analyses
( /* Check for MSE/SCEP install */ (exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" of native registry) OR (exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" of native registry)) OR (/* Windows 8 or Higher has it built in */ version of operating system >= "6.2")


Comments

jgstew -
https://technet.microsoft.com/en-us/library/ff715412.aspx