fleet/it-and-security
Allen Houchins db34c2362e
Update Windows Defender compliance check configuration (#40759)
This pull request updates the Windows Defender compliance check policy
to improve detection accuracy and coverage. The main changes include
more robust checks for Defender features, support for policy-based
registry keys, and updates to documentation to reflect the expanded
feature set.

**Expanded compliance checks:**

* The query now checks both standard and policy registry keys for all
Defender features, ensuring that settings managed by group policy are
detected. (`windows-defender-compliance-check.yml`,
[it-and-security/lib/windows/policies/windows-defender-compliance-check.ymlL6-R70](diffhunk://#diff-ea811153c9930b3eb086d3238ec03b3abadd46142e2679bd0fecf94580dd4662L6-R70))
* Added a new check for anti-spyware protection (`antispyware_enabled`),
making sure this critical feature is enabled.
(`windows-defender-compliance-check.yml`,
[it-and-security/lib/windows/policies/windows-defender-compliance-check.ymlL6-R70](diffhunk://#diff-ea811153c9930b3eb086d3238ec03b3abadd46142e2679bd0fecf94580dd4662L6-R70))

**Improved accuracy:**

* All registry value comparisons now explicitly cast data to integers,
reducing false negatives due to type mismatches.
(`windows-defender-compliance-check.yml`,
[it-and-security/lib/windows/policies/windows-defender-compliance-check.ymlL6-R70](diffhunk://#diff-ea811153c9930b3eb086d3238ec03b3abadd46142e2679bd0fecf94580dd4662L6-R70))
* The Defender service running check now directly verifies the service
status instead of relying on registry values.
(`windows-defender-compliance-check.yml`,
[it-and-security/lib/windows/policies/windows-defender-compliance-check.ymlL6-R70](diffhunk://#diff-ea811153c9930b3eb086d3238ec03b3abadd46142e2679bd0fecf94580dd4662L6-R70))

**Documentation updates:**

* The policy description and resolution steps have been updated to
include anti-spyware protection and clarify the list of features
checked. (`windows-defender-compliance-check.yml`,
[it-and-security/lib/windows/policies/windows-defender-compliance-check.ymlL64-R81](diffhunk://#diff-ea811153c9930b3eb086d3238ec03b3abadd46142e2679bd0fecf94580dd4662L64-R81))
2026-02-27 22:52:22 -06:00
| Name | Last commit | Date |
| --- | --- | --- |
| lib | Update Windows Defender compliance check configuration (#40759) | 2026-02-27 22:52:22 -06:00 |
| teams | Recategorize software (#40312) | 2026-02-23 12:55:20 -06:00 |
| default.yml | Add XProtect reports query for Workstations team (#40755) | 2026-02-27 21:37:58 -06:00 |