Forum Discussion

M_Rice19044
Copper Contributor
Jul 07, 2022

Hunting query for MacOS - Antivirus version report

Hello all,

 

I've been testing Defender for a few weeks and I have 2 questions. 1) Is there an Antivirus version report for MacOS? 2) Are there any resources for MacOS queries?

I'm looking for an Antivirus version report for MacOS, but I only found one for Windows.

Endpoint AV version report
When running this report, MacOS devices appear in the table, but with no version information.

 

 

There's a report called Antivirus Agent Status on MEM and it's also Windows only.

I can retrieve MacOS client version information from Inventory > software > Find software called "Defender For Endpoint for Mac", then Export as CSV.

Version information is available on the Defender admin page, so I thought there's a way to run a query for MacOS. I'd appreciate any information on a MacOS report.

 

Thank you,

  • Hi M_Rice19044,

    You can use the following query to get MacOS version information via Advanced Hunting:

    DeviceTvmSecureConfigurationAssessment
    | where ConfigurationId == "scid-5095" and isnotnull(Context)
    | where OSPlatform == "macOS"
    // Context is a JSON array; the AV fields are read by position from its first element
    | extend avdata = parse_json(Context)
    | extend AVSigVersion = tostring(avdata[0][0])
    | extend AVEngineVersion = tostring(avdata[0][1])
    | extend AVSigLastUpdateTime = tostring(avdata[0][2])
    | extend AVProductVersion = tostring(avdata[0][3])
    | project DeviceId, DeviceName, OSPlatform, AVSigVersion, AVEngineVersion, AVSigLastUpdateTime, AVProductVersion, IsCompliant, IsApplicable

    Thanks,
    Thomas
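An added example, not part of the original thread: a Python sketch that turns exported rows from the query above into a per-version report and flags devices below a chosen baseline. The sample rows, device names, version strings and the `minimum` baseline are constructed for illustration, and the `Context` layout is assumed to match the indexes the query reads (`avdata[0][3]` for the product version).

```python
import json
from collections import Counter

# Constructed sample rows shaped like the query's input columns; the Context
# layout [[sig, engine, sig_time, product]] mirrors the indexes used in the query.
SAMPLE_ROWS = [
    {"DeviceName": "mac-01", "Context": '[["1.0.100","1.1.10","2022-07-01T00:00:00Z","101.70.1"]]'},
    {"DeviceName": "mac-02", "Context": '[["1.0.90","1.1.10","2022-06-01T00:00:00Z","101.65.7"]]'},
    {"DeviceName": "mac-03", "Context": '[["1.0.100","1.1.10","2022-07-01T00:00:00Z","101.70.1"]]'},
    {"DeviceName": "mac-04", "Context": "[]"},   # device listed, but no AV data
    {"DeviceName": "mac-05", "Context": None},   # Context column empty
]

def product_version(context):
    """Return avdata[0][3] as a string, or None if Context is missing or malformed."""
    try:
        value = json.loads(context)[0][3]
    except (TypeError, ValueError, IndexError, KeyError):
        return None
    return str(value) if value else None

def version_key(version):
    """Turn '101.70.1' into (101, 70, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def build_report(rows, minimum):
    """Count devices per product version; list devices below `minimum` or unreadable."""
    counts, outdated, unknown = Counter(), [], []
    for row in rows:
        version = product_version(row.get("Context"))
        try:
            key = version_key(version) if version else None
        except ValueError:
            key = None  # non-numeric version string
        if key is None:
            unknown.append(row["DeviceName"])
            continue
        counts[version] += 1
        if key < version_key(minimum):
            outdated.append(row["DeviceName"])
    return {"counts": dict(counts), "outdated": outdated, "unknown": unknown}

if __name__ == "__main__":
    print(build_report(SAMPLE_ROWS, minimum="101.70.0"))
```

Devices that land in `unknown` correspond to the case described in the question, where a macOS device appears in a report with no version information.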
