Added AV Policies + Re-ordered (#4171)

* Added AV Policies + Re-ordered Added a policy to check AV health for every OS. Re-ordered policies in alphabetical order. * Update frontend/utilities/constants.ts Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> * Update frontend/utilities/constants.ts Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> * Update frontend/utilities/constants.ts Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> * Update frontend/utilities/constants.ts Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> * Removed extra carriage return * Fixed linting issue Added CRs where expected by linter Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2026-05-24 09:28:54 +00:00 · 2022-02-14 16:51:29 -05:00 · 2022-02-14 16:51:29 -05:00 · 381d3b4206
commit 381d3b4206
parent aa9e257a2a
1 changed files with 64 additions and 31 deletions
--- a/frontend/utilities/constants.ts
+++ b/frontend/utilities/constants.ts
@ -16,7 +16,51 @@ export const DEFAULT_GRAVATAR_LINK =
 export const DEFAULT_POLICIES = [
  {
    key: 1,
-    query: `SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT "" AND filevault_status = 'on' LIMIT 1`,
+    query:
+      "SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM processes WHERE (name = 'clamd') OR (name = 'freshclam')) WHERE score == 1;",
+    name: "Antivirus healthy (Linux)",
+    description:
+      "Checks that both ClamAV's daemon and its updater service (freshclam) are running.",
+    resolution: "Ensure ClamAV and Freshclam are installed and running.",
+    platform: "linux",
+  },
+  {
+    key: 2,
+    query:
+      "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;",
+    name: "Antivirus healthy (macOS)",
+    description:
+      "Checks the version of Malware Removal Tool (MRT) and the built-in macOS AV (Xprotect). Replace version numbers with latest version regularly.",
+    resolution:
+      "To enable automatic security definition updates, on the failing device, select System Preferences > Software Update > Advanced > Turn on Install system data files and security updates.",
+    platform: "darwin",
+  },
+  {
+    key: 3,
+    query:
+      "SELECT 1 from windows_security_center wsc CROSS JOIN windows_security_products wsp WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1;",
+    name: "Antivirus healthy (Windows)",
+    description:
+      "Checks the status of antivirus and signature updates from the Windows Security Center.",
+    resolution:
+      "Ensure Windows Defender or your third-party antivirus is running, up to date, and visible in the Windows Security Center.",
+    platform: "windows",
+  },
+  {
+    key: 4,
+    query:
+      "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.loginwindow' AND name = 'com.apple.login.mcx.DisableAutoLoginClient' AND value = 1 LIMIT 1;",
+    name: "Automatic login disabled (macOS)",
+    description:
+      "Required: You’re already enforcing a policy via Moble Device Management (MDM). Checks to make sure that the device user cannot log in to the device without a password.",
+    resolution:
+      "The following example profile includes a setting to disable automatic login: https://github.com/gregneagle/profiles/blob/fecc73d66fa17b6fa78b782904cb47cdc1913aeb/loginwindow.mobileconfig#L64-L65.",
+    platform: "darwin",
+  },
+  {
+    key: 5,
+    query:
+      "SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT '' AND filevault_status = 'on' LIMIT 1;",
    name: "Full disk encryption enabled (macOS)",
    description:
      "Checks to make sure that full disk encryption (FileVault) is enabled on macOS devices.",
@ -25,17 +69,7 @@ export const DEFAULT_POLICIES = [
    platform: "darwin",
  },
  {
-    key: 2,
-    query: "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1",
-    name: "Gatekeeper enabled (macOS)",
-    description:
-      "Checks to make sure that the Gatekeeper feature is enabled on macOS devices. Gatekeeper tries to ensure only trusted software is run on a mac machine.",
-    resolution:
-      "To enable Gatekeeper, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
-    platform: "darwin",
-  },
-  {
-    key: 3,
+    key: 6,
    query: "SELECT 1 FROM bitlocker_info WHERE protection_status = 1;",
    name: "Full disk encryption enabled (Windows)",
    description:
@ -45,29 +79,17 @@ export const DEFAULT_POLICIES = [
    platform: "windows",
  },
  {
-    key: 4,
-    query:
-      "SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;",
-    name: "System Integrity Protection enabled (macOS)",
+    key: 7,
+    query: "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
+    name: "Gatekeeper enabled (macOS)",
    description:
-      "Checks to make sure that the System Integrity Protection feature is enabled.",
+      "Checks to make sure that the Gatekeeper feature is enabled on macOS devices. Gatekeeper tries to ensure only trusted software is run on a mac machine.",
    resolution:
-      "To enable System Integrity Protection, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
+      "To enable Gatekeeper, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
    platform: "darwin",
  },
  {
-    key: 5,
-    query:
-      "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.loginwindow' AND name = 'com.apple.login.mcx.DisableAutoLoginClient' AND value = 1 LIMIT 1",
-    name: "Automatic login disabled (macOS)",
-    description:
-      "Required: You’re already enforcing a policy via Moble Device Management (MDM). Checks to make sure that the device user cannot log in to the device without a password.",
-    resolution:
-      "The following example profile includes a setting to disable automatic login: https://github.com/gregneagle/profiles/blob/fecc73d66fa17b6fa78b782904cb47cdc1913aeb/loginwindow.mobileconfig#L64-L65.",
-    platform: "darwin",
-  },
-  {
-    key: 6,
+    key: 8,
    query:
      "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.MCX' AND name = 'DisableGuestAccount' AND value = 1 LIMIT 1;",
    name: "Guest users disabled (macOS)",
@ -78,7 +100,7 @@ export const DEFAULT_POLICIES = [
    platform: "darwin",
  },
  {
-    key: 7,
+    key: 9,
    query:
      "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;",
    name: "Secure keyboard entry for Terminal.app enabled (macOS)",
@ -87,6 +109,17 @@ export const DEFAULT_POLICIES = [
    resolution: "",
    platform: "darwin",
  },
+  {
+    key: 10,
+    query:
+      "SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;",
+    name: "System Integrity Protection enabled (macOS)",
+    description:
+      "Checks to make sure that the System Integrity Protection feature is enabled.",
+    resolution:
+      "To enable System Integrity Protection, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
+    platform: "darwin",
+  },
 ] as IPolicyNew[];

 export const FREQUENCY_DROPDOWN_OPTIONS = [