# Compliance Packs (Windows)

The Compliance Packs category encompasses a range of dedicated solutions designed to facilitate and report on compliance with numerous security standards and regulations within the Windows environment. This encompasses monitoring and reporting on aspects such as Microsoft Defender Antivirus status, software compliance, and other vital security configurations crucial for safeguarding organizational assets. By leveraging these compliance packs, organizations can effortlessly conform to industry standards, regulatory mandates, and internal security protocols, thus ensuring a secure and compliant operational landscape.

# Microsoft Defender Compliance Pack (Win)

## Description

This will be a guide to take FileWave usage one major step further than simply installing an application like Microsoft Defender. In this article you will see how to use Custom Fields, Smart Groups, Filesets, and Grafana to report on the status of your fleet. You can apply these ideas to other software solutions where you need to know if they are working, and to potentially fix them.

## Ingredients

- - FileWave Central
    - [Microsoft Defender Recipe (Win)](https://kb.filewave.com/books/software-deployment-recipes-microsoft/page/microsoft-defender-recipe-win "Microsoft Defender Recipe (Win)")
    - [Defender Custom Fields.customfields](https://kb.filewave.com/attachments/305)
    - [Defender Update Defs (Win).fileset.zip](https://kb.filewave.com/attachments/306)
    - [Defender Run Scan (Win).fileset.zip](https://kb.filewave.com/attachments/307)

## The Problem

<span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">You are</span><span class="NormalTextRun SCXP216804036 BCX8"> managing hundreds or thousands of macOS or Windows </span></span><span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">devices, and need to understand if your environment is secure. Today </span></span><span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">you have</span><span class="NormalTextRun SCXP216804036 BCX8"> been told to deploy Microsoft Defender and to provide </span></span><span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">reporting to your CISO demonstrating that you have Anti-Malware </span></span><span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">protection in place, and that </span><span class="NormalTextRun SCXP216804036 BCX8">it is</span><span class="NormalTextRun SCXP216804036 BCX8"> operating correctly.</span></span><span class="EOP SCXP216804036 BCX8">​</span>

- <span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">What kind of installers are used?</span></span><span class="EOP SCXP216804036 BCX8">​</span>
- <span class="TextRun SpellingErrorZoomed SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">How can the install be performed silently? </span><span class="SCXP216804036 BCX8">Fileset</span><span class="NormalTextRun SCXP216804036 BCX8"> Magic needed?</span></span><span class="EOP SCXP216804036 BCX8">​</span>
- <span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">What is the deadline to have the product deployed?</span></span><span class="EOP SCXP216804036 BCX8">​</span>
- <span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">Will it replace another product?</span></span><span class="EOP SCXP216804036 BCX8">​</span>
- <span class="TextRun SCXP216804036 BCX8" lang="en-us"><span class="NormalTextRun SCXP216804036 BCX8">MacOS, Windows or both?</span></span><span class="EOP SCXP216804036 BCX8">​</span>

<span class="TextRun SCXP24014824 BCX8" lang="en-us"><span class="NormalTextRun SCXP24014824 BCX8">Get started with this like any other deployment project:</span></span><span class="EOP SCXP24014824 BCX8">​</span>

- <span class="TextRun SCXP24014824 BCX8" lang="en-us"><span class="NormalTextRun SCXP24014824 BCX8">Ask the vendor for installation documentation - but </span></span><span class="TextRun SCXP24014824 BCX8" lang="en-us"><span class="NormalTextRun SCXP24014824 BCX8">FileWave may also post some examples;</span></span>
- Create a reverse timeline. Start small.​
- Search the Internet for how others have reported on that product because FileWave can do anything scriptable.

<span class="LineBreakBlob BlobObject SCXP24014824 BCX8"><span class="SCXP24014824 BCX8">Test and Verify:</span></span>

- Test. Test. Verify and then test again. ​
- Deploy to 1 machine, then expand in growing waves so that you can stay ahead of issues.​​
- Do you have an Early Adopters group of users who give feedback and are forgiving?​

![unknown.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/Yj10oasOvDR1OmiU-unknown.png)

## Deployment

<span class="TextRun SCXP227515743 BCX8" lang="en-us"><span class="NormalTextRun SCXP227515743 BCX8">Installers on Windows are usually an EXE or an MSI. In </span></span><span class="TextRun SCXP227515743 BCX8" lang="en-us"><span class="NormalTextRun SCXP227515743 BCX8">this case a BAT file is provided by Microsoft because </span></span><span class="TextRun SCXP227515743 BCX8" lang="en-us"><span class="NormalTextRun SCXP227515743 BCX8">Defender is part of Windows. </span></span><span class="EOP SCXP227515743 BCX8">​</span>

<span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">Did you know that </span></span><span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">you can execute </span></span><span class="TextRun SpellingErrorZoomed SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">scripts in </span><span class="SCXP206715376 BCX8">Filesets</span><span class="NormalTextRun SCXP206715376 BCX8">, </span></span><span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">and each kind runs in </span></span><span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">a specific order and </span></span><span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">time?</span></span><span class="EOP SCXP206715376 BCX8">​</span>

<span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">How could the </span></span><span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">Uninstallation Scripts </span></span><span class="TextRun SCXP206715376 BCX8" lang="en-us"><span class="NormalTextRun SCXP206715376 BCX8">be helpful? Think about later when you may want to remove the deployed software.</span></span>

<span class="EOP SCXP206715376 BCX8"><span class="EOP SCXP192652519 BCX8">For the Deployment phase see this article on installation: [Microsoft Defender Recipe (Win)](https://kb.filewave.com/books/software-deployment-recipes-microsoft/page/microsoft-defender-recipe-win "Microsoft Defender Recipe (Win)")</span> ​</span>

<span class="EOP SCXP192652519 BCX8">​</span>

![image.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/yjERG3hub3qolq7S-image.png)

## Reporting

<span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">Queries/Reports are an easy way to </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">keep track of progress and </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">problems. We’ve made some </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">Custom Fields for Defender, and we </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">can leverage them to show who is </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">missing Defender.</span></span><span class="EOP SCXP226964364 BCX8">​</span>

<span class="TextRun SpellingErrorZoomed SCXP226964364 BCX8" lang="en-us"><span class="SCXP226964364 BCX8">FileWave</span><span class="NormalTextRun SCXP226964364 BCX8"> also has installed </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">application reporting but depending </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">on your needs and how that </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">application reports itself you can </span></span><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">consider either method.</span></span><span class="EOP SCXP226964364 BCX8">​</span>

<span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">To use the custom fields you will want to download [Defender Custom Fields.customfields](https://kb.filewave.com/attachments/302) and then add them to your server. Do this in FileWave Central -&gt; Assistants -&gt; Custom Fields -&gt; Edit Custom Field Definitions. Here you will click Import and then pick the file you downloaded. This file has fields that will work for both macOS and Windows. Once added you'll want to enable them for a couple of devices at first. To do that go to FileWave Central -&gt; Clients and right click on a device and pick Edit Custom Field Associations. There you can check the boxes to enable these new fields. When you are happy with these Custom Fields, you'll want to go back to Edit Custom Field Definitions and pick "Assigned to all Devices" for each of the fields. </span></span>

<p class="callout info"><span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">Custom Fields based on scripts always need to be tested.</span></span></p>

<span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">Now that you have your Custom Fields in place you should have some results. You can see them by going to Clients -&gt; Customize Columns in the Toolbar, and then adding a couple of the custom fields to just see their values. You could also double click on any device in Clients that has the field active and see the values on the Device Details tab. </span></span>

<span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">Let's move on to making a Query in Central. Click the New Query button in the Toolbar. Ignore the copies of the field below with a "2" as this is my lab. Notice that I used "Defender Healthy" as a Custom Field to test if Defender is healthy. I want to make sure that the field is populated so I check that it's not null, and I want to find unhealthy so I'm going to look for devices where it is false. </span></span>

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/qGGKV62bWznjcPBb-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-02/qGGKV62bWznjcPBb-image.png)

<span class="TextRun SCXP226964364 BCX8" lang="en-us"><span class="NormalTextRun SCXP226964364 BCX8">To find devices missing Defender notice that the App Version Custom Field can be used. If it is null (empty) then there is no Defender installed. </span></span>

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/SZxrHk5XgXnYazYO-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-02/SZxrHk5XgXnYazYO-image.png)

## Remediation

## Dashboards

There are two parts to creating a dashboard, getting the data to the dashboard (Prometheus), displaying the data in the way you want (Grafana).

[yml\_dashboard\_files.zip](https://kb.filewave.com/attachments/309)

Create the dashboard:

Copy and Paste the JSON into a New dashboard:

<details id="bkmrk-dashboard-json-%7B-%22an"><summary>Dashboard JSON</summary>

```json
{
  "annotations": {
    "list": [
      {
        "builtIn": 1,
        "datasource": {
          "type": "grafana",
          "uid": "-- Grafana --"
        },
        "enable": true,
        "hide": true,
        "iconColor": "rgba(0, 211, 255, 1)",
        "name": "Annotations & Alerts",
        "type": "dashboard"
      }
    ]
  },
  "editable": true,
  "fiscalYearStartMonth": 0,
  "graphTooltip": 0,
  "id": 19,
  "links": [],
  "liveNow": false,
  "panels": [
    {
      "collapsed": false,
      "gridPos": {
        "h": 1,
        "w": 24,
        "x": 0,
        "y": 0
      },
      "id": 7,
      "panels": [],
      "title": "Overall Status",
      "type": "row"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            }
          },
          "mappings": [],
          "unitScale": true
        },
        "overrides": [
          {
            "matcher": {
              "id": "byName",
              "options": "{__name__=\"filewave_inventory_query_55\", genericclient_ptr__operating_system__type=\"OSX\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"overall_os_breakdown\"}"
            },
            "properties": [
              {
                "id": "displayName",
                "value": "macOS"
              },
              {
                "id": "color",
                "value": {
                  "fixedColor": "blue",
                  "mode": "fixed"
                }
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "{__name__=\"filewave_inventory_query_55\", genericclient_ptr__operating_system__type=\"WIN\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"overall_os_breakdown\"}"
            },
            "properties": [
              {
                "id": "displayName",
                "value": "Windows"
              },
              {
                "id": "color",
                "value": {
                  "fixedColor": "light-purple",
                  "mode": "fixed"
                }
              }
            ]
          }
        ]
      },
      "gridPos": {
        "h": 10,
        "w": 5,
        "x": 0,
        "y": 1
      },
      "id": 10,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/55/overview/"
        }
      ],
      "options": {
        "legend": {
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": true
        },
        "pieType": "pie",
        "reduceOptions": {
          "calcs": [
            "lastNotNull"
          ],
          "fields": "",
          "values": false
        },
        "tooltip": {
          "mode": "single",
          "sort": "none"
        }
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_55",
          "instant": true,
          "legendFormat": "{{defender_healthy_fwcomp_pack}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Overall Desktop Device Breakdown",
      "type": "piechart"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            }
          },
          "mappings": [],
          "unitScale": true
        },
        "overrides": [
          {
            "matcher": {
              "id": "byName",
              "options": "{__name__=\"filewave_inventory_query_56\", genericclient_ptr__operating_system__type=\"OSX\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"devices_without_defender\"}"
            },
            "properties": [
              {
                "id": "displayName",
                "value": "macOS"
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "{__name__=\"filewave_inventory_query_56\", genericclient_ptr__operating_system__type=\"WIN\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"devices_without_defender\"}"
            },
            "properties": [
              {
                "id": "displayName",
                "value": "Windows"
              }
            ]
          }
        ]
      },
      "gridPos": {
        "h": 10,
        "w": 5,
        "x": 5,
        "y": 1
      },
      "id": 11,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/56/overview/"
        }
      ],
      "options": {
        "legend": {
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": true
        },
        "pieType": "pie",
        "reduceOptions": {
          "calcs": [
            "lastNotNull"
          ],
          "fields": "",
          "values": false
        },
        "tooltip": {
          "mode": "single",
          "sort": "none"
        }
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_56",
          "instant": true,
          "legendFormat": "{{defender_healthy_fwcomp_pack}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Devices without Defender",
      "type": "piechart"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "Relative health of Microsoft Defender",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            }
          },
          "mappings": [],
          "unitScale": true
        },
        "overrides": [
          {
            "matcher": {
              "id": "byName",
              "options": "True"
            },
            "properties": [
              {
                "id": "color",
                "value": {
                  "fixedColor": "green",
                  "mode": "fixed"
                }
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "False"
            },
            "properties": [
              {
                "id": "color",
                "value": {
                  "fixedColor": "semi-dark-red",
                  "mode": "fixed"
                }
              }
            ]
          }
        ]
      },
      "gridPos": {
        "h": 10,
        "w": 5,
        "x": 10,
        "y": 1
      },
      "id": 1,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/49/overview/"
        }
      ],
      "options": {
        "legend": {
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": true
        },
        "pieType": "pie",
        "reduceOptions": {
          "calcs": [
            "lastNotNull"
          ],
          "fields": "",
          "values": false
        },
        "tooltip": {
          "mode": "single",
          "sort": "none"
        }
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_49{defender_healthy_fwcomp_pack=\"True\"}",
          "instant": true,
          "legendFormat": "{{defender_healthy_fwcomp_pack}}",
          "range": false,
          "refId": "A"
        },
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "expr": "filewave_inventory_query_49{defender_healthy_fwcomp_pack=\"False\"}",
          "hide": false,
          "legendFormat": "{{defender_healthy_fwcomp_pack}}",
          "range": true,
          "refId": "B"
        }
      ],
      "title": "Defender Healthy?",
      "type": "piechart"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "thresholds"
          },
          "custom": {
            "align": "auto",
            "cellOptions": {
              "type": "auto"
            },
            "filterable": false,
            "inspect": false
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          },
          "unitScale": true
        },
        "overrides": [
          {
            "matcher": {
              "id": "byName",
              "options": "__name__"
            },
            "properties": [
              {
                "id": "custom.width",
                "value": 290
              },
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "Time"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "instance"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "query_name"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "Value"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "job"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          }
        ]
      },
      "gridPos": {
        "h": 10,
        "w": 4,
        "x": 15,
        "y": 1
      },
      "id": 2,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/50/overview/"
        }
      ],
      "options": {
        "cellHeight": "sm",
        "footer": {
          "countRows": false,
          "fields": "",
          "reducer": [
            "sum"
          ],
          "show": false
        },
        "showHeader": true,
        "sortBy": [
          {
            "desc": false,
            "displayName": "device_name"
          }
        ]
      },
      "pluginVersion": "10.3.1",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_50",
          "format": "table",
          "instant": true,
          "legendFormat": "{{device_name}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Unhealthy Defender Clients",
      "transformations": [],
      "type": "table"
    },
    {
      "collapsed": false,
      "gridPos": {
        "h": 1,
        "w": 24,
        "x": 0,
        "y": 11
      },
      "id": 12,
      "panels": [],
      "title": "Threat Detection and Issues",
      "type": "row"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "thresholds"
          },
          "custom": {
            "align": "auto",
            "cellOptions": {
              "type": "auto"
            },
            "inspect": false
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          },
          "unitScale": true
        },
        "overrides": [
          {
            "matcher": {
              "id": "byName",
              "options": "Time"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "Value"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "query_name"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "job"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "device_name"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "__name__"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "instance"
            },
            "properties": [
              {
                "id": "custom.hidden",
                "value": true
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "defender_threats_detected_fwcomp_pack"
            },
            "properties": [
              {
                "id": "displayName",
                "value": "Threat Detected"
              }
            ]
          }
        ]
      },
      "gridPos": {
        "h": 9,
        "w": 19,
        "x": 0,
        "y": 12
      },
      "id": 13,
      "links": [
        {
          "targetBlank": true,
          "title": "Show Details",
          "url": "https://support2.filewave.net/filewave/reports/57/overview/"
        }
      ],
      "options": {
        "cellHeight": "sm",
        "footer": {
          "countRows": false,
          "fields": "",
          "reducer": [
            "sum"
          ],
          "show": false
        },
        "showHeader": true
      },
      "pluginVersion": "10.3.1",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_57",
          "format": "table",
          "instant": true,
          "legendFormat": "{{label_name}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Detected Threats",
      "type": "table"
    },
    {
      "collapsed": false,
      "gridPos": {
        "h": 1,
        "w": 24,
        "x": 0,
        "y": 21
      },
      "id": 6,
      "panels": [],
      "title": "Windows",
      "type": "row"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "fillOpacity": 80,
            "gradientMode": "none",
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            },
            "lineWidth": 1,
            "scaleDistribution": {
              "type": "linear"
            },
            "thresholdsStyle": {
              "mode": "off"
            }
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          },
          "unitScale": true
        },
        "overrides": []
      },
      "gridPos": {
        "h": 10,
        "w": 8,
        "x": 0,
        "y": 22
      },
      "id": 4,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/52/overview/"
        }
      ],
      "options": {
        "barRadius": 0,
        "barWidth": 0.97,
        "fullHighlight": false,
        "groupWidth": 0.7,
        "legend": {
          "calcs": [],
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": false
        },
        "orientation": "auto",
        "showValue": "auto",
        "stacking": "none",
        "tooltip": {
          "mode": "single",
          "sort": "none"
        },
        "xTickLabelRotation": 0,
        "xTickLabelSpacing": 0
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_52",
          "instant": true,
          "legendFormat": "{{defender_defs_version_fwcomp_pack}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Virus Defs Versions Windows",
      "type": "barchart"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "fillOpacity": 80,
            "gradientMode": "none",
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            },
            "lineWidth": 1,
            "scaleDistribution": {
              "type": "linear"
            },
            "thresholdsStyle": {
              "mode": "off"
            }
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          },
          "unitScale": true
        },
        "overrides": []
      },
      "gridPos": {
        "h": 10,
        "w": 9,
        "x": 8,
        "y": 22
      },
      "id": 9,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/54/overview/"
        }
      ],
      "options": {
        "barRadius": 0,
        "barWidth": 0.97,
        "fullHighlight": false,
        "groupWidth": 0.7,
        "legend": {
          "calcs": [],
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": false
        },
        "orientation": "auto",
        "showValue": "auto",
        "stacking": "none",
        "tooltip": {
          "mode": "single",
          "sort": "none"
        },
        "xTickLabelRotation": 0,
        "xTickLabelSpacing": 0
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_54",
          "instant": true,
          "legendFormat": "{{defender_app_version_fwcomp_pack}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Defender Version Windows",
      "type": "barchart"
    },
    {
      "collapsed": false,
      "gridPos": {
        "h": 1,
        "w": 24,
        "x": 0,
        "y": 32
      },
      "id": 5,
      "panels": [],
      "title": "macOS",
      "type": "row"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "fillOpacity": 80,
            "gradientMode": "none",
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            },
            "lineWidth": 1,
            "scaleDistribution": {
              "type": "linear"
            },
            "thresholdsStyle": {
              "mode": "off"
            }
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          },
          "unitScale": true
        },
        "overrides": []
      },
      "gridPos": {
        "h": 10,
        "w": 8,
        "x": 0,
        "y": 33
      },
      "id": 3,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/51/overview/"
        }
      ],
      "options": {
        "barRadius": 0,
        "barWidth": 0.97,
        "fullHighlight": false,
        "groupWidth": 0.7,
        "legend": {
          "calcs": [],
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": false
        },
        "orientation": "auto",
        "showValue": "auto",
        "stacking": "none",
        "tooltip": {
          "mode": "single",
          "sort": "none"
        },
        "xTickLabelRotation": 0,
        "xTickLabelSpacing": 0
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_51",
          "instant": true,
          "legendFormat": "{{defender_defs_version_fwcomp_pack}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Virus Defs Versions macOS",
      "type": "barchart"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "filewave_prometheus"
      },
      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "fillOpacity": 80,
            "gradientMode": "none",
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            },
            "lineWidth": 1,
            "scaleDistribution": {
              "type": "linear"
            },
            "thresholdsStyle": {
              "mode": "off"
            }
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          },
          "unitScale": true
        },
        "overrides": []
      },
      "gridPos": {
        "h": 10,
        "w": 9,
        "x": 8,
        "y": 33
      },
      "id": 8,
      "links": [
        {
          "targetBlank": true,
          "title": "",
          "url": "https://support2.filewave.net/filewave/reports/53/overview/"
        }
      ],
      "options": {
        "barRadius": 0,
        "barWidth": 0.97,
        "fullHighlight": false,
        "groupWidth": 0.7,
        "legend": {
          "calcs": [],
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": false
        },
        "orientation": "auto",
        "showValue": "auto",
        "stacking": "none",
        "tooltip": {
          "mode": "single",
          "sort": "none"
        },
        "xTickLabelRotation": 0,
        "xTickLabelSpacing": 0
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "filewave_prometheus"
          },
          "editorMode": "builder",
          "exemplar": false,
          "expr": "filewave_inventory_query_53",
          "instant": true,
          "legendFormat": "{{defender_app_version_fwcomp_pack}}",
          "range": false,
          "refId": "A"
        }
      ],
      "title": "Defender Version macOS",
      "type": "barchart"
    }
  ],
  "refresh": "",
  "schemaVersion": 39,
  "tags": [],
  "templating": {
    "list": []
  },
  "time": {
    "from": "now-6h",
    "to": "now"
  },
  "timepicker": {},
  "timezone": "",
  "title": "Defender Dashboard",
  "uid": "c26006b5-0295-4ec0-9b54-3efd3d714a9f",
  "version": 1,
  "weekStart": ""
}
```

</details>Related Content

## Related Content

- [Microsoft Defender Recipe (Win)](https://kb.filewave.com/books/software-deployment-recipes-microsoft/page/microsoft-defender-recipe-win "Microsoft Defender Recipe (Win)")
- [Microsoft Defender Recipe (macOS)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/microsoft-defender-recipe-macos "Microsoft Defender Recipe (macOS)")
- [Microsoft Defender Compliance Pack (macOS)](https://kb.filewave.com/books/compliance-packs-macos/page/microsoft-defender-compliance-pack-macos "Microsoft Defender Compliance Pack (macOS)")

# BitLocker Management for Windows 10 and 11

## Description

This Compliance Pack helps you report on BitLocker status and, when assigned, enable BitLocker on supported Windows 10 and Windows 11 devices. The Custom Fields report recovery key and encryption status. The enforcement Fileset can take action, so test it on a small Windows group before wider deployment.

## Ingredients

- FileWave Central
- Windows OS systems running a version of Windows that is licensed for BitLocker
- BitLocker Fileset
    
    
    - **Activation**: Associate the Fileset with Windows clients to enable BitLocker.
    - **Deactivation**: Remove the association to disable BitLocker.
    - **Customization**: The script within the Fileset includes specific options that can be customized by administrators based on organizational needs.
- Custom Fields
    
    
    - **BitLocker Key**: Displays the recovery keys for encrypted drives. For example, "C:, 219296-176121-018458-479017-019437-305833-463155-542608". After importing the Custom Field, choose to assign it to specific devices or all devices.
    - **BitLocker Status**: Presents the current encryption state, such as "Conversion Status: Used Space Only Encrypted".

<table id="bkmrk-macos" style="border-collapse:collapse;width:19.2593%;"><colgroup><col style="width:100%;"></col></colgroup><tbody><tr><td class="align-center" style="background-color:rgb(206,212,217);">**BitLocker Compliance Pack**</td></tr><tr><td>[![FileWave Download.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/LhUDCHKqr6dGiaoG-filewave-download.png)](https://kb.filewave.com/attachments/295)</td></tr></tbody></table>

## Directions

### Download

1. Download the BitLocker Compliance Pack.
    
    
    - Unzip the zip file and you will find a Fileset as well as a Custom Fields file.

### BitLocker Custom Fields

The Custom Fields report BitLocker information only. They do **not** encrypt devices or change BitLocker settings. Use the steps below to import and assign them.

1. In FileWave Central go to Assistants -&gt; Custom Fields -&gt; Edit Custom Field Definitions.
2. Click "Import" and pick the .customfields file from the zip you downloaded.
3. For both BitLocker Key and BitLocker Status, select the Custom Field and check "Assigned to all devices" if you want to capture the status for all devices. To scope reporting to specific devices, select those devices in the Clients view, right-click, and choose Edit Custom Field Associations.
4. Add the two new fields to the Clients view or to any Reports (formerly Queries). Run a Model Update, then wait for devices to report inventory before expecting data to appear.

### Bitlocker Enforcement Fileset

This Fileset **will** take action on devices when assigned. Test it first and confirm the encryption behavior before applying it broadly. When you associate it with a capable Windows device, that device encrypts, and the Custom Fields report the result after inventory runs. Reporting is not immediate because FileWave needs a new inventory check-in; use Verify during testing if you want the device to report sooner.

1. Drag and drop the Bitlocker Enforcement.fileset in to your Filesets area in FileWave Central.
2. Move it to wherever you would like it in the Filesets area.
3. Create an Association or a Deployment to assign it to a device.
4. Watch the device encrypt by checking the drive properties in Windows Explorer or by running `manage-bde.exe` on that computer. The Custom Fields do not update in real time, so checking locally is the clearest test signal.
5. Notice what happens if you break the Association. **The device will decrypt.**

To inspect how the pack works, select the Fileset and open Scripts from the toolbar. The Fileset includes one script to encrypt and one to decrypt. If encryption fails, check the Fileset log directory under `C:\ProgramData\FileWave\log\fwcld\`. Each Fileset has its own ID-numbered directory. Also confirm that the Windows edition supports BitLocker; FileWave can only enable BitLocker when the operating system includes that capability. The encryption script includes options you can adjust if your organization needs different BitLocker settings.

## Related Content

- [Compliance Packs (Windows)](https://kb.filewave.com/books/compliance-packs-windows "Compliance Packs (Windows)")
- [Compliance Packs (macOS)](https://kb.filewave.com/books/compliance-packs-macos "Compliance Packs (macOS)")