Hunting query for MacOS - Antivirus version report


Hello all,


I've been testing Defender for a few weeks and I have 2 questions. 1) Is there an Antivirus version report for MacOS? 2) Are there any resources for MacOS queries?

I'm looking for an Antivirus version report for MacOS, but I only found one for Windows.


Endpoint AV version report
When running this report, MacOS devices appear in the table, but with no version information.




There's a report called Antivirus Agent Status on MEM and it's also Windows only.



I can retrieve MacOS client version information from Inventory > Software > find the software called "Defender For Endpoint for Mac", then Export as CSV.



Version information is available on the Defender admin page, so I thought there's a way to run a query for MacOS. I'd appreciate any information on a MacOS report.


Thank you,



2 Replies
Hi M_Rice19044,

You can use the following query to get MacOS version information via Advanced Hunting:

// Secure configuration assessment table; ConfigurationId and Context are its columns
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-5095" and isnotnull(Context)
| where OSPlatform == "macOS"
// Context is a JSON array; its first element holds the AV fields read below
| extend avdata = parsejson(Context)
| extend AVSigVersion = tostring(avdata[0][0])
| extend AVEngineVersion = tostring(avdata[0][1])
| extend AVSigLastUpdateTime = tostring(avdata[0][2])
| extend AVProductVersion = tostring(avdata[0][3])
| project DeviceId, DeviceName, OSPlatform, AVSigVersion, AVEngineVersion, AVSigLastUpdateTime, AVProductVersion, IsCompliant, IsApplicable

best response confirmed by M_Rice19044 (New Contributor)
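
Added example (not part of the reply above and not Microsoft's code): a Python sketch that turns an exported result set into a per-version report and lists macOS devices whose Context is empty or malformed, the "no version information" case. It assumes the export keeps DeviceName, OSPlatform and the raw Context column, with Context laid out as the query's avdata[0][0..3] indexes imply; all sample rows and version strings are constructed.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample export (not real data). Assumed columns: DeviceName,
# OSPlatform and the raw Context value for ConfigurationId scid-5095.
SAMPLE_CSV = '''DeviceName,OSPlatform,Context
mac-01,macOS,"[[""1.401.12.0"",""1.1.23100.1"",""2024-01-10T08:00:00Z"",""101.23102.0020""]]"
mac-02,macOS,"[[""1.399.50.0"",""1.1.23090.2"",""2023-12-01T08:00:00Z"",""101.23082.0018""]]"
mac-03,macOS,"[[""1.401.12.0"",""1.1.23100.1"",""2024-01-10T09:30:00Z"",""101.23102.0020""]]"
mac-04,macOS,
mac-05,macOS,"[[""1.401.12.0""]]"
win-01,Windows10,"[[""1.401.12.0"",""1.1.23100.1"",""2024-01-10T08:00:00Z"",""4.18.23110.3""]]"
'''

FIELDS = ("AVSigVersion", "AVEngineVersion", "AVSigLastUpdateTime", "AVProductVersion")


def parse_context(context):
    """Return the four AV fields as a dict, or None if Context is empty or malformed."""
    try:
        inner = json.loads(context)[0]
    except (TypeError, ValueError, IndexError, KeyError):
        return None
    if not isinstance(inner, list) or len(inner) < len(FIELDS):
        return None
    return dict(zip(FIELDS, (str(v) for v in inner)))


def macos_av_report(csv_text):
    """Count macOS devices per AVProductVersion; list devices with no usable data."""
    versions, missing = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["OSPlatform"] != "macOS":
            continue
        av = parse_context(row["Context"])
        if av is None:
            missing.append(row["DeviceName"])
        else:
            versions[av["AVProductVersion"]] += 1
    return versions, missing


if __name__ == "__main__":
    versions, missing = macos_av_report(SAMPLE_CSV)
    for version, count in versions.most_common():
        print(f"{version}\t{count}")
    print("no version data:", ", ".join(missing))
```

Devices in the second list are the ones to check for a missing or unhealthy agent, since a version count alone would silently skip them.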


Yes! It works so perfect!! Thank you so much!!!