Running a registry based query
Hello, we have some computers which we need to find out the specific registry value in order to be able to update their OS. The path: HKEY_LOCAL_MACHINE\software\policies\Microsoft\Windows\WindowsUpdate\AU The value (Dword): NoAutoUpdate I want to find out which computers that are onboarded to defender for endpoint has this registry set to "1"/On. Thanks for help
DeviceFileCertificateInfo table
Hi All I want to play around with file reputation under MDATP Advanced hunting. The only place where I can find file information like this seems to be only under the DeviceFileCertificateInfo table (where I can find IsSigned and IsTrusted property). So far it's not that bad, but the issue I have is that this table uses data obtained from certificate verification activities regularly performed on files on endpoints. and doesn't seems to receive all the validation done at each time. Ex.: I execute a exe file from powershell but didn't see the executed file's hash in the DeviceFileCertificateInfo table. Is that normal ? Is there another place where I should find those information ? Thanks in advanced
