osquery_policy (table) Content

01K552HX48BFWENNVTR65S15WR Ad tracking is limited (macOS) SELECT CASE WHEN EXISTS (SELECT 1 FROM managed_policies WHERE domain='com.apple.AdLib' AND name='forceLimitAdTracking' AND value='1' LIMIT 1) THEN 'true' ELSE 'false' END AS policy_result; Checks that a mobile device management (MDM) solution configures the Mac to limit advertisement tracking. Pass Fail Contact your IT administrator to ensure your Mac is receiving a profile that disables advertisement tracking. ["darwin"]
01K552HX48BZJTYTY4BWF8VFPA Antivirus healthy (Linux) SELECT score FROM (SELECT CASE WHEN COUNT(*) = 2 THEN 'true' ELSE 'false' END AS score FROM processes WHERE (name = 'clamd') OR (name = 'freshclam')) WHERE score = 'true'; Checks that both ClamAV's daemon and its updater service (freshclam) are running. Pass Fail Ensure ClamAV and Freshclam are installed and running. ["linux","windows","darwin"]
01K552HX48B134KZC95RE3A66K Antivirus healthy (macOS) SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM plist WHERE (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist' AND value>=2162) OR (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist' and value>=1.93)) WHERE score == 1; Checks the version of Malware Removal Tool (MRT) and the built-in macOS AV (Xprotect). Replace version numbers with the latest version regularly. Pass Fail To enable automatic security definition updates, on the failing device, select System Preferences > Software Update > Advanced > Turn on Install system data files and security updates. ["darwin"]
01K552HX48CYYWY1H35C5F1KFK Antivirus healthy (Windows) SELECT 1 from windows_security_center wsc CROSS JOIN windows_security_products wsp WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1; Checks the status of antivirus and signature updates from the Windows Security Center. Pass Fail Ensure Windows Defender or your third-party antivirus is running, up to date, and visible in the Windows Security Center. ["windows"]
01K552HX484MQRBGR5NEVZ08BS Automatic installation of application updates is enabled (macOS) SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticallyInstallAppUpdates' AND value=1 LIMIT 1; Checks that a mobile device management (MDM) solution configures the Mac to automatically install updates to App Store applications. Pass Fail Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of application updates. ["darwin"]
01K552HX48VXNRT8Q4FCE1X4QA Automatic installation of operating system updates is enabled (macOS) SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticallyInstallMacOSUpdates' AND value=1 LIMIT 1; Checks that a mobile device management (MDM) solution configures the Mac to automatically install operating system updates. Pass Fail Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of operating system updates. ["darwin"]
01K552HX48NFHXP6Y990F22M7F Ensure 'Minimum password length' is set to '14 or more characters' SELECT 1 FROM security_profile_info WHERE minimum_password_length >= 14; This policy setting determines the least number of characters that make up a password for a user account. Pass Fail Automatic method: Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 14 or more characters 'Computer ConfigurationPoliciesWindows SettingsSecurity SettingsAccount PoliciesPassword PolicyMinimum password length' ["windows"]