Compliance Packs (Windows)

The Compliance Packs category encompasses a range of dedicated solutions designed to facilitate and report on compliance with numerous security standards and regulations within the Windows environment. This encompasses monitoring and reporting on aspects such as Microsoft Defender Antivirus status, software compliance, and other vital security configurations crucial for safeguarding organizational assets. By leveraging these compliance packs, organizations can effortlessly conform to industry standards, regulatory mandates, and internal security protocols, thus ensuring a secure and compliant operational landscape.

Microsoft Defender Compliance Pack (Win)

Work in progress. Check back tomorrow (Feb 15) and we hope you will attend the Roadshow.


This will be a guide to take FileWave usage one major step further than simply installing an application like Microsoft Defender. In this article you will see how to use Custom Fields, Smart Groups, Filesets, and Grafana to report on the status of your fleet. You can apply these ideas to other software solutions where you need to know if they are working, and to potentially fix them.


The Problem

You are managing hundreds or thousands of macOS or Windows devices, and need to understand if your environment is secure. Today you have been told to deploy Microsoft Defender and to provide reporting to your CISO demonstrating that you have Anti-Malware protection in place, and that it is operating correctly.

Get started with this like any other deployment project:

Test and Verify:



Installers on Windows are usually an EXE or an MSI. In this case a BAT file is provided by Microsoft because Defender is part of Windows. 

Did you know that you can execute scripts in Filesetsand each kind runs in a specific order and time?

How could the Uninstallation Scripts be helpful? Think about later when you may want to remove the deployed software.

For the Deployment phase see this article on installation: Microsoft Defender Recipe (Win)



Queries/Reports are an easy way to keep track of progress and problems. We’ve made some Custom Fields for Defender, and we can leverage them to show who is missing Defender.

FileWave also has installed application reporting but depending on your needs and how that application reports itself you can consider either method.

To use the custom fields you will want to download Defender Custom Fields.customfields and then add them to your server. Do this in FileWave Central -> Assistants -> Custom Fields -> Edit Custom Field Definitions. Here you will click Import and then pick the file you downloaded. This file has fields that will work for both macOS and Windows. Once added you'll want to enable them for a couple of devices at first. To do that go to FileWave Central -> Clients and right click on a device and pick Edit Custom Field Associations. There you can check the boxes to enable these new fields. When you are happy with these Custom Fields, you'll want to go back to Edit Custom Field Definitions and pick "Assigned to all Devices" for each of the fields.

Custom Fields based on scripts always need to be tested.

Now that you have your Custom Fields in place you should have some results. You can see them by going to Clients -> Customize Columns in the Toolbar, and then adding a couple of the custom fields to just see their values. You could also double click on any device in Clients that has the field active and see the values on the Device Details tab. 

Let's move on to making a Query in Central. Click the New Query button in the Toolbar. Ignore the copies of the field below with a "2" as this is my lab. Notice that I used "Defender Healthy" as a Custom Field to test if Defender is healthy. I want to make sure that the field is populated so I check that it's not null, and I want to find unhealthy so I'm going to look for devices where it is false.  


To find devices missing Defender notice that the App Version Custom Field can be used. If it is null (empty) then there is no Defender installed.