Hide the deprecate antispyware column in windows_security_center
#7411
Conversation
|
1 similar comment
|
|
Hello @iko1, thanks for the PR! I was wondering if it's worth to mark the column as hidden since it's no longer useful. Before we can merge it however, the EasyCLA check needs to pass. |
|
I do think marking it as hidden would be useful. |
|
Hello @iko1! Would it be possible to correct the EasyCLA status check? The email address that is being used must be added to the GitHub profile and then verified. EDIT: Closing and re-opening the PR fixed the issue! 👍 |
Hi, I've already fixed the EasyCLA check. I can see that check is passed. Thanks. |
| @@ -4,7 +4,7 @@ schema([ | |||
| Column("firewall", TEXT, "The health of the monitored Firewall (see windows_security_products)"), | |||
| Column("autoupdate", TEXT, "The health of the Windows Autoupdate feature"), | |||
| Column("antivirus", TEXT, "The health of the monitored Antivirus solution (see windows_security_products)"), | |||
| Column("antispyware", TEXT, "The health of the monitored Antispyware solution (see windows_security_products)"), | |||
| Column("antispyware", TEXT, "Deprecated (always 'Good').", hidden=True), | |||
There was a problem hiding this comment.
Does it make sense to also remove the underlying API call? (Maybe not -- I'm sure it will remain supported for years)
There was a problem hiding this comment.
I was under the impression that this value was still useful on old Windows versions that we still support, so I imagined we wanted to keep the API call there. If this is not at all useful, then we should probably remove the call too
There was a problem hiding this comment.
I'm totally fine to delete the underlying API call, due to the fact that spyware engine doesn't get updates anymore from Microsoft. Properly the only way to get informative diagnostic from this column is from environments that doesn't connect to the internet and run Windows 10 before version 1607 (release date: 2/8/2016).
@directionless, may i delete the underlying API call in order to complete this PR?
There was a problem hiding this comment.
If we think it's useful on older windows versions, then we may as well leave it. We can always remove it as those phase out.
directionless
changed the title
antispyware column in windows_security_center
…squery#7411) This column is deprecated, and on modern windows machines always returns true. Hide it.
…2 to master * commit 'c97a1b416492585e049010deea36d2992b680556': (52 commits) Fix user_time and system_time unit in processes table on M1 (osquery#7473) Add BOOST_USE_ASAN define when enabling Asan (osquery#7469) Removing unnecessary macOS version check (osquery#7451) Add `utc` flag back for compatibility(osquery#7460) Add osquery version to macOS app bundle Info.plist (osquery#7452) Fix submodule cache for macOS CI runner (osquery#7456) New Table: Windows Firewall Rules (osquery#7403) Remove utc flag from example config file (osquery#7437) Update the ATC table `path` column check to be case insensitive (osquery#7442) Fix typos in documentation (osquery#7443) Fix a crash when Yara uses its own strutils functions (osquery#7439) Update `time` table to reflect UTC values (osquery#7276) Update sqlite to version 3.37.0 (osquery#7426) Fix linking of thirdparty_sleuthkit (osquery#7425) Apple Silicon support (osquery#7330) Fix how we disable tables in the fuzzer init method (osquery#7419) Prevent running discovery queries when fuzzing (osquery#7418) Hide the deprecate `antispyware` column in `windows_security_center` (osquery#7411) Fix typo in docs (osquery#7412) CHANGELOG 5.1.0 (osquery#7406) ...
related to #7399
code is still fetching the spyware engine status. I guess it should be deleted at the same time with first Windows version that doesn't support this column.