
Status of Windows Defender Firewall

Description: This query reports the status of the Windows Defender Firewall service. Windows Defender Firewall should be enabled in enterprise environments, even if there is an enterprise-grade firewall, to improve defense in depth and make it more difficult for attackers to move laterally.

What The Data Shows: The data shows the status of the Windows Defender Firewall on Windows machines.

SQL: 

SELECT display_name, status, start_type FROM services WHERE lower(name) = 'mpssvc';
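
A running service does not by itself mean every firewall profile is switched on. The following is an added example, not part of the original submission: it narrows the query above to hosts that need attention, then checks the per-profile EnableFirewall value through the osquery registry table. It assumes local (non-Group Policy) firewall settings and the standard osquery status and start_type strings.

```sql
-- Added example (not the original query).
-- 1) Return a row only when the firewall service is unhealthy:
--    not running, or configured so it will not start.
SELECT display_name, status, start_type
FROM services
WHERE lower(name) = 'mpssvc'
  AND (status != 'RUNNING' OR start_type = 'DISABLED');

-- 2) Return a row for each firewall profile that is switched off.
--    EnableFirewall is a REG_DWORD: 1 = on, 0 = off.
--    StandardProfile is the "Private" profile in the Windows UI.
--    Assumption: settings are local. Values pushed by Group Policy
--    are stored under
--    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
--    and are not read by this query.
SELECT
  replace(
    key,
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\',
    ''
  ) AS profile,
  data AS enable_firewall
FROM registry
WHERE key IN (
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile'
  )
  AND name = 'EnableFirewall'
  AND data != '1';
```

An empty result from both statements means the service is running, is not disabled, and all three local profiles are enabled.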

 

 

2 Comments
jnelson
Carbon Black Employee
Status changed to: Approved
 
mailboxpickup1
New Contributor II

Can you share a method to detect if the running process for Windows Defender is running on a host?