Forum Discussion
M_Rice19044
Jul 07, 2022
Copper Contributor
Hunting query for MacOS - Antivirus version report
Hello all,
I've been testing Defender for a few weeks and I have 2 questions. 1) Is there an Antivirus version report for MacOS? 2) Are there any resources for MacOS queries?
I'm looking for an Antivirus version report for MacOS, but I only found one for Windows.
Endpoint AV version report
When running this report, the MacOS device appears in the table, but with no version information.
There's a report called Antivirus Agent Status on MEM and it's also Windows only.
I can retrieve MacOS client version information from Inventory > Software > find the software called "Defender For Endpoint for Mac", then export as CSV.
Version information is available on the Defender admin page, so I thought there would be a way to run a query for MacOS. I'd appreciate any information about a MacOS report.
Thank you,
- Thomas_Doucette
Microsoft
Hi M_Rice19044,
You can use the following query to get MacOS version information via Advanced Hunting:
// Secure configuration assessment rows; for scid-5095 the Context column holds the AV data
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-5095" and isnotnull(Context)
| where OSPlatform == "macOS"
// Context is a nested JSON array: [[signature version, engine version, last signature update, product version]]
| extend avdata = parse_json(Context)
| extend AVSigVersion = tostring(avdata[0][0])
| extend AVEngineVersion = tostring(avdata[0][1])
| extend AVSigLastUpdateTime = tostring(avdata[0][2])
| extend AVProductVersion = tostring(avdata[0][3])
| project DeviceId, DeviceName, OSPlatform, AVSigVersion, AVEngineVersion, AVSigLastUpdateTime, AVProductVersion, IsCompliant, IsApplicable
Thanks,
Thomas
- M_Rice19044
Copper Contributor
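
Added example, not part of the thread or of any participant's post: a variant of the query above that turns the per-device rows into a fleet report, keeping only the latest assessment per device and grouping macOS devices by product version. `MinProductVersion` and its value are hypothetical placeholders; the query assumes the table's `Timestamp` column and drops the `isnotnull(Context)` filter so devices that report no version data show up as their own group.

```kusto
// Hypothetical baseline: replace with the minimum product version you accept.
let MinProductVersion = "101.0.0";
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-5095" and OSPlatform == "macOS"
// Keep only the most recent assessment row for each device.
| summarize arg_max(Timestamp, *) by DeviceId
| extend avdata = parse_json(Context)
| extend AVSigVersion = tostring(avdata[0][0]),
         AVProductVersion = tostring(avdata[0][3])
// Classify each device: no data reported, below the baseline, or fine.
| extend Status = case(
    isempty(AVProductVersion), "NoVersionData",
    parse_version(AVProductVersion) < parse_version(MinProductVersion), "BelowBaseline",
    "OK")
// One row per status and version, with a device count and a few example names.
| summarize Devices = dcount(DeviceId),
            SampleDevices = make_set(DeviceName, 5)
    by Status, AVProductVersion
| order by Status asc, Devices desc
```

Rows with status `NoVersionData` are the devices to check first, since a missing version can mean the sensor has not reported an assessment yet rather than that the agent is current.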