Microsoft Malware: Glossary of Terms

1. id

MachineIdentifier

2. Antivirus software on the machine

  • ProductName - Defender state information e.g. win8defender

win8defender 8826520

mse 94873

mseprerelease 53

scep 22

windowsintune 8

fep 7

  • EngineVersion - Defender state information e.g. 1.1.12603.0

70 unique

  • AppVersion - Defender state information e.g. 4.9.10586.0

110 unique

  • AvSigVersion - Defender state information e.g. 1.217.1014.0

8,531 unique

  • IsBeta - Defender state information e.g. false

Binary, all 0; essentially useless.

3. System configuration of the machine

  • RtpStateBitfield (Realtime protection state)

7 unique and NaN 32318

  • IsSxsPassiveMode - This is the active/passive mode of operation for Windows Defender. If another third-party primary antivirus exists on the system, Defender enters passive mode.

binary

  • DefaultBrowsersIdentifier

2017 unique

  • HasTpm - True if machine has tpm

Trusted Platform Module (TPM); binary

4. User-installed antivirus software

  • AVProductStatesIdentifier - ID for the specific configuration of a user's antivirus software

28,970 unique

  • AVProductsInstalled - NA

Number installed

  • AVProductsEnabled - NA

Number enabled

  • IsProtected - This is a calculated field derived from the Spynet Report's AV Products field. Returns: a. TRUE if there is at least one active and up-to-date antivirus product running on this machine. b. FALSE if there is no active AV product on this machine, or if the AV is active, but is not receiving the latest updates. c. null if there are no Anti Virus Products in the report. Returns: Whether a machine is protected.

binary, plus null
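The three IsProtected rules above, together with the AVProductsInstalled / AVProductsEnabled counts from this section, can be written down as a small derivation. The following is an added example for this glossary, not the dataset's own feature pipeline: the AvProduct record and its field names (name, active, up_to_date) are assumptions, since the Spynet report schema is not given here, and the sample machines are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence


@dataclass(frozen=True)
class AvProduct:
    """One antivirus product as it might appear in a machine's Spynet report.
    The field names are assumptions: the glossary gives only the rules that are
    applied to the report, not its schema."""
    name: str
    active: bool
    up_to_date: bool


def is_protected(products: Sequence[AvProduct]) -> Optional[bool]:
    """Apply the three documented rules.
    a. TRUE  if at least one product is active AND receiving the latest updates
    b. FALSE if no product is active, or the active ones are not up to date
    c. None  (null in the dataset) if the report lists no AV products at all"""
    if not products:
        return None
    return any(p.active and p.up_to_date for p in products)


def summarize_av(products: Sequence[AvProduct]) -> Dict[str, Optional[int]]:
    """Derive the three related fields for one machine.
    AVProductsInstalled / AVProductsEnabled are read as 'number installed' and
    'number active'; IsProtected is encoded 1/0/None like the dataset column."""
    protected = is_protected(products)
    return {
        "AVProductsInstalled": len(products),
        "AVProductsEnabled": sum(1 for p in products if p.active),
        "IsProtected": None if protected is None else int(protected),
    }


def protection_value_counts(machines: Dict[str, Sequence[AvProduct]]) -> Dict[str, int]:
    """Value counts of the derived IsProtected column, in the '1 / 0 / NaN'
    shape the glossary uses for its per-field tallies."""
    counts = {"1": 0, "0": 0, "NaN": 0}
    for products in machines.values():
        protected = is_protected(products)
        key = "NaN" if protected is None else str(int(protected))
        counts[key] += 1
    return counts


# Constructed sample machines (not real telemetry).
SAMPLE_MACHINES: Dict[str, List[AvProduct]] = {
    # Defender alone, current signatures -> rule a
    "m1": [AvProduct("Windows Defender", active=True, up_to_date=True)],
    # Defender active but stale, third-party product installed but inactive -> rule b
    "m2": [AvProduct("Windows Defender", active=True, up_to_date=False),
           AvProduct("ThirdPartyAV", active=False, up_to_date=True)],
    # No AV products in the report at all -> rule c
    "m3": [],
    # Third-party AV is primary and Defender is passive (the IsSxsPassiveMode case) -> rule a
    "m4": [AvProduct("ThirdPartyAV", active=True, up_to_date=True),
           AvProduct("Windows Defender", active=False, up_to_date=False)],
}


if __name__ == "__main__":
    for machine, products in SAMPLE_MACHINES.items():
        print(machine, summarize_av(products))
    print(protection_value_counts(SAMPLE_MACHINES))
```

Machine m2 is the case worth noticing when reading the column: it has two products installed and one enabled, yet IsProtected is 0 because the only active product is not receiving updates, so AVProductsEnabled > 0 does not imply IsProtected = 1.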

5. Machine location

  • CountryIdentifier - ID for the country the machine is located in

This has 222 unique int64 IDs. Wikipedia cites 255+ countries and independent territories. If these are exact country codes, then Austria (43) has the highest number of rows in this data set, while the USA (001) has just 2%.

  • CityIdentifier - ID for the city the machine is located in

107,366 unique cities and a huge number (~5%) of NaNs.

  • OrganizationIdentifier - ID for the organization the machine belongs in, organization ID is mapped to both specific companies and broad industries

There are 49 unique organisations, with 50% of the computers under one org and another 25% not classified. Here's a breakdown of the top 5 values.

  • GeoNameIdentifier - ID for the geographic region a machine is located in

292 geographic regions in which a machine can be located.

  • LocaleEnglishNameIdentifier - English name of Locale ID of the current user

276 locale int64 IDs. "A locale is neither a language nor a country: the same language may be spoken in multiple countries (often with subtle differences) and a single country may speak multiple languages. A locale is therefore an area where a particular language is spoken, which may (or may not) align with geographical and/or political boundaries."

6. Operating system

  • Platform - Calculates platform name (of OS related properties and processor property)

windows10 8618715

windows8 194508

windows7 93889

windows2016 14371

  • Processor - This is the processor architecture of the installed operating system

x64 8105435

x86 815702

arm64 346

  • OsVer - Version of the current operating system

10.0.0.0 8632545

6.3.0.0 194447

6.1.1.0 93268

6.1.0.0 582

10.0.3.0 225

10.0.1.0 141

  • OsBuild - Build of the current operating system

76 unique build numbers, of which ~5 form the majority

  • OsSuite - Product suite mask for the current operating system.

14 unique; this has a very skewed distribution.

  • OsPlatformSubRelease - Returns the OS Platform sub-release (Windows Vista, Windows 7, Windows 8, TH1, TH2)

rs4 3915526

rs3 2503681

rs2 780270

rs1 730819

th2 411606

th1 270192

windows8.1 194508

windows7 93889

prers5 20992

  • OsBuildLab - Build lab that generated the current OS. Example: 9600.17630.amd64fre.winblue_r7.150109-2022

  • SkuEdition - The goal of this feature is to use the Product Type defined in the MSDN to map to a 'SKU-Edition' name that is useful in population reporting. The valid Product Types are defined in %sdxroot%\data\windowseditions.xml. This API has been used since Vista and Server 2008, so there are many Product Types that do not apply to Windows 10. The 'SKU-Edition' is a string value that is in one of three classes of results. The design must handle each class.

Home 5514341

Pro 3224164

Invalid 78054

Education 40694

Enterprise 34357

Enterprise LTSB 20702

Cloud 5589

Server 3582

7. Machine environment 2

  • AutoSampleOptIn - This is the SubmitSamplesConsent value passed in from the service, available on CAMP 9+

0 8921225

1 258

  • PuaMode - Pua Enabled mode from the service

These applications are not considered viruses, malware, or other types of threats, but they may perform actions on endpoints that affect their performance or use. PUA can also refer to applications with a poor reputation.

  • SMode - This field is set to true when the device is known to be in 'S Mode', as in, Windows 10 S mode, where only Microsoft Store apps can be installed

0.0 8379843

NaN 537759

1.0 3881

  • IeVerIdentifier - Retrieves which version of Internet Explorer is running on this device. This has 303 unique values. Here are the most frequent values, up to the NaN.

  • SmartScreen - This is the SmartScreen enabled string value from registry. This is obtained by checking in order, HKLM\SOFTWARE\Policies\Microsoft\Windows\System\SmartScreenEnabled and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SmartScreenEnabled. If the value exists but is blank, the value "ExistsNotSet" is sent in telemetry.

Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files. This only applies to Win 10 and Win 10 mobile.

  • Firewall - This attribute is true (1) for Windows 8.1 and above if windows firewall is enabled, as reported by the service.

1.0 8641014

0.0 189119

NaN 91350

  • UacLuaenable - This attribute reports whether or not the "administrator in Admin Approval Mode" user type is disabled or enabled in UAC. The value reported is obtained by reading the regkey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA.

User Account Control (UAC)
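The SmartScreen and UacLuaenable entries above both describe a value being read out of the registry and turned into a telemetry field, including the "ExistsNotSet" case for a present-but-blank SmartScreen value. The following is an added example written for this glossary, not Microsoft's collector: the registry is modelled as a plain dict of value paths so it runs offline, the rule that the first existing key in the lookup order wins is an assumption, and the snapshot contents and the SmartScreen strings in them are constructed.

```python
from typing import Dict, Mapping, Optional, Union

RegValue = Union[str, int, None]

# Value paths the glossary says are checked, in this order.
SMARTSCREEN_POLICY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows\System\SmartScreenEnabled"
SMARTSCREEN_EXPLORER = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SmartScreenEnabled"
SMARTSCREEN_LOOKUP_ORDER = (SMARTSCREEN_POLICY, SMARTSCREEN_EXPLORER)
ENABLE_LUA = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"


def resolve_smartscreen(registry: Mapping[str, RegValue]) -> Optional[str]:
    """Return the SmartScreen string that would be sent in telemetry.
    `registry` maps a full value path to its data; a path missing from the
    mapping is a value that does not exist. Assumption: the first path in the
    lookup order that exists decides, so a policy value shadows the Explorer one."""
    for path in SMARTSCREEN_LOOKUP_ORDER:
        if path in registry:
            data = registry[path]
            if data is None or str(data).strip() == "":
                return "ExistsNotSet"   # present but blank, as the glossary describes
            return str(data)
    return None  # neither value exists: nothing sent, NaN in the dataset


def resolve_uac_luaenable(registry: Mapping[str, RegValue]) -> Optional[int]:
    """Return EnableLUA as the UacLuaenable field would report it: 1 when
    Admin Approval Mode is enabled, 0 when disabled, None when the value is absent."""
    data = registry.get(ENABLE_LUA)
    if data is None:
        return None
    return 1 if int(data) != 0 else 0


def value_counts(registries: Mapping[str, Mapping[str, RegValue]], resolver) -> Dict[str, int]:
    """Tally a resolver's output across machines, using 'NaN' for None so the
    result has the same shape as the per-field counts listed in the glossary."""
    counts: Dict[str, int] = {}
    for reg in registries.values():
        result = resolver(reg)
        key = "NaN" if result is None else str(result)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed registry snapshots (not real machines). "RequireAdmin", "Warn"
# and "Off" are illustrative SmartScreen strings.
SAMPLE_REGISTRIES: Dict[str, Dict[str, RegValue]] = {
    # policy value present -> it shadows the Explorer value
    "policy_wins": {SMARTSCREEN_POLICY: "RequireAdmin", SMARTSCREEN_EXPLORER: "Off", ENABLE_LUA: 1},
    # no policy, only the per-machine Explorer value
    "explorer_only": {SMARTSCREEN_EXPLORER: "Warn", ENABLE_LUA: 1},
    # policy value exists but is blank -> "ExistsNotSet" even though Explorer says "Warn"
    "blank_policy": {SMARTSCREEN_POLICY: "", SMARTSCREEN_EXPLORER: "Warn", ENABLE_LUA: 0},
    # neither value exists, EnableLUA absent -> NaN in both columns
    "nothing_set": {},
}


if __name__ == "__main__":
    print("SmartScreen:", value_counts(SAMPLE_REGISTRIES, resolve_smartscreen))
    print("UacLuaenable:", value_counts(SAMPLE_REGISTRIES, resolve_uac_luaenable))
```

The blank_policy snapshot is the one to keep in mind when interpreting the SmartScreen column: a blank policy value is reported as "ExistsNotSet" and hides a configured Explorer value, so "ExistsNotSet" says nothing about whether SmartScreen is actually on for that machine.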

8. Census

8.1 Census_Purpose

  • Census_MDC2FormFactor - A grouping based on a combination of Device Census level hardware characteristics. The logic used to define Form Factor is rooted in business and industry standards and aligns with how people think about their device. (Examples: Smartphone, Small Tablet, All in One, Convertible...)

Smartphone, small tablet, all-in-one

  • Census_DeviceFamily - AKA DeviceClass. Indicates the type of device that an edition of the OS is intended for. Example values: Windows.Desktop, Windows.Mobile, and iOS.Phone

8.2 Census_OEM

  • Census_OEMNameIdentifier - NA

  • Census_OEMModelIdentifier - NA

8.3 Census_Processor

  • Census_ProcessorCoreCount - Number of logical cores in the processor

Number of CPU cores; 45 unique

  • Census_ProcessorManufacturerIdentifier - NA

Manufacturer

  • Census_ProcessorModelIdentifier - NA

3,428 unique values

  • Census_ProcessorClass - A classification of processors into high/medium/low. Initially used for Pricing Level SKU. No longer maintained and updated

This column is mostly empty.

8.4 Census_PrimaryDisk

  • Census_PrimaryDiskTotalCapacity - Amount of disk space on primary disk of the machine in MB

Unique value count: 5,735.

  • Census_PrimaryDiskTypeName - Friendly name of Primary Disk Type - HDD or SSD

HDD 5806804

SSD 2466808

UNKNOWN 358251

Unspecified 276776

NaN 12844

  • Census_SystemVolumeTotalCapacity - The size of the partition that the System volume is installed on in MB

System volume size

  • Census_HasOpticalDiskDrive - True indicates that the machine has an optical disk drive (CD/DVD)

0.0 8921483


  • Census_TotalPhysicalRAM - Retrieves the physical RAM in MB

Memory (RAM)

8.6 Census_InternalPrimaryDiagonalDisplaySize

  • Census_ChassisTypeName - Retrieves a numeric representation of what type of chassis the machine has. A value of 0 means xx

Notebook 5248812

Desktop 1872125

Laptop 685581

Portable 360903

AllinOne 204295

  • Census_InternalPrimaryDiagonalDisplaySizeInInches - Retrieves the physical diagonal length in inches of the primary display

2,180 unique

  • Census_InternalPrimaryDisplayResolutionHorizontal - Retrieves the number of pixels in the horizontal direction of the internal display.

1,560 unique

  • Census_InternalPrimaryDisplayResolutionVertical - Retrieves the number of pixels in the vertical direction of the internal display

8.7 Census_Power

  • Census_PowerPlatformRoleName - Indicates the OEM preferred power management profile. This value helps identify the basic form factor of the device

  • Census_InternalBatteryType - Has a lot of inconsistent naming schemes. For example - '#', 'lion', '4cel', 'l&#TAB#'. Majority of the machines are still represented in less than 10 labels. Some of these seem similar, for example - lion, li-i and liio could possibly be placeholders for lithium-ion batteries.

  • Census_InternalBatteryNumberOfCharges - Assuming this to be the number of battery cycles. If battery cycles are set to zero, could it be that these devices were in the first cycle of battery charge / are VMs or desktops ? What makes it more interesting is that 56% of the machines are in their first cycle of battery charge OR are non-battery operated.

8.8 Census_OSVersion

  • Census_OSVersion - Numeric OS version Example - 10.0.10130.0

469 unique

  • Census_OSArchitecture - Architecture on which the OS is based. Derived from OSVersionFull. Example - amd64

amd64 8105885

x86 815252

arm64 346

  • Census_OSBranch - Branch of the OS extracted from the OsVersionFull. Example - OsBranch = fbl_partner_eeap where OsVersion = 6.4.9813.0.amd64fre.fbl_partner_eeap.140810-0005

32 unique

  • Census_OSBuildNumber - OS Build number extracted from the OsVersionFull. Example - OsBuildNumber = 10512 or 10240

165 unique values

  • Census_OSBuildRevision - OS Build revision extracted from the OsVersionFull. Example - OsBuildRevision = 1000 or 16458

285 unique values.

  • Census_OSEdition - Edition of the current OS. Sourced from HKLM\Software\Microsoft\Windows NT\CurrentVersion@EditionID in registry. Example: Enterprise

33 unique values

Core 3469991

Professional 3130566

CoreSingleLanguage 1945461

CoreCountrySpecific 166100

ProfessionalEducation 56698

 

  • Census_OSSkuName - OS edition friendly name (currently Windows only)

30 unique

  • Census_OSInstallTypeName - Friendly description of what install was used on the machine i.e. clean

UUPUpgrade 2608037

IBSClean 1650733

Update 1593308

Upgrade 1251559

Other 840121

Reset 649201

Refresh 205842

Clean 69073

CleanPCRefresh 53609

8.8 Census_OSLanguage&Locale

  • Census_OSInstallLanguageIdentifier - NA

39 unique values

  • Census_OSUILocaleIdentifier - NA

147 unique values

8.9 Census_Updates

  • Census_OSWUAutoUpdateOptionsName - Friendly name of the WindowsUpdate auto-update settings on the machine.

FullAuto 3954497

UNKNOWN 2519925

Notify 2034254

AutoInstallAndRebootAtMaintenanceTime 371475

Off 26961

DownloadNotify 14371

8.10 USB boot

  • Census_IsPortableOperatingSystem - Indicates whether OS is booted up and running via Windows-To-Go on a USB stick.

0 8916619

1 4864

8.11 Activation

  • Census_GenuineStateName - Friendly name of OSGenuineStateID. 0 = Genuine

IS_GENUINE 7877597

INVALID_LICENSE 801692

OFFLINE 228366

UNKNOWN 13826

TAMPERED 2

  • Census_ActivationChannel - Retail license key or Volume license key for a machine.

Retail 4727589

OEM:DM 3413350

Volume:GVLK 450954

OEM:NONSLP 317980

Volume:MAK 8028

Retail:TB:Eval 3582

8.12 Census_IsFlight

  • Census_IsFlightingInternal - NA

NaN 7408759

0.0 1512703

1.0 21

  • Census_IsFlightsDisabled - Indicates if the machine is participating in flighting.

0.0 8760872

NaN 160523

1.0 88

  • Census_FlightRing - The ring that the device user would like to receive flights for. This might be different from the ring of the OS which is currently installed if the user changes the ring after getting a flight from a different ring.

Retail 8355679

NOT_SET 287803

Unknown 243438

WIS 10648

WIF 10322

RP 9860

Disabled 3722

OSG 7

Canary 3

Invalid 1

  • Census_ThresholdOptIn - NA

NaN 5667325

0.0 3253342

1.0 816

8.13 Census_Firmware

  • Census_FirmwareManufacturerIdentifier - NA

712 unique values

  • Census_FirmwareVersionIdentifier - NA

50K unique values.

8.13 Census_Boot

  • Census_IsSecureBootEnabled - Indicates if Secure Boot mode is enabled.

0 4585438

1 4336045

  • Census_IsWIMBootEnabled - NA

NaN 5659703

0.0 3261779

1.0 1

8.14 Census_External

  • Census_IsVirtualDevice - Identifies a Virtual Machine (machine learning model)

0.0 8842840

1.0 62690

NaN 15953

  • Census_IsTouchEnabled - Is this a touch device ?

0 7801452

1 1120031

  • Census_IsPenCapable - Is the device capable of pen input ?

0 8581834

1 339649

8.15 Census_others

  • Census_IsAlwaysOnAlwaysConnectedCapable - Retrieves information about whether the battery enables the device to be AlwaysOnAlwaysConnected.

Keep Wi-Fi on when the screen times out

0.0 8341972

1.0 508168

NaN 71343


9. Wdft

  • Wdft_IsGamer - Indicates whether the device is a gamer device or not based on its hardware combination.

0.0 6174143

1.0 2443889

NaN 303451

  • Wdft_RegionIdentifier - NA

15 unique
