Built off the open source project Osquery
Description: This query looks for Windows endpoints with WSL feature enabled
What The Data Shows: It provides the list of endpoints with WSL enabled. Some Linux malwares can now infect Windows OS from WSL.
SQL: SELECT * FROM windows_optional_features WHERE name = 'Microsoft-Windows-Subsystem-Linux' AND state = 1
> Requirement: Windows only
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.