← Back to Explore
kqlHunting
End of Life Software with File Paths using TVM
Detection Query
DeviceTvmSoftwareInventory
| where SoftwareName != ""
| where EndOfSupportStatus in("EOS Version","Upcoming EOS Version")
| join kind=leftouter DeviceTvmSoftwareEvidenceBeta on DeviceId,SoftwareName
| summarize EarliestEndOfSupport=min(EndOfSupportDate) by SoftwareName,DeviceName,tostring(DiskPaths)Data Sources
DeviceTvmSoftwareInventory
Platforms
windows
Tags
defender
Raw Content
DeviceTvmSoftwareInventory
| where SoftwareName != ""
| where EndOfSupportStatus in("EOS Version","Upcoming EOS Version")
| join kind=leftouter DeviceTvmSoftwareEvidenceBeta on DeviceId,SoftwareName
| summarize EarliestEndOfSupport=min(EndOfSupportDate) by SoftwareName,DeviceName,tostring(DiskPaths)