diff --git a/General queries/WD AV Signature and Platform Version.txt b/General queries/WD AV Signature and Platform Version.txt
index 11ea7473..c3bdec10 100644
--- a/General queries/WD AV Signature and Platform Version.txt	
+++ b/General queries/WD AV Signature and Platform Version.txt	
@@ -1,26 +1,66 @@
 // Author: António Vasconcelos
 // Twitter: https://twitter.com/anthonws
-// This query provides you the latest signature and platform (MoCamp) for Windows Defender AV
-// --------------------------------------------------------------------------------------- //
-// Define the time window
-// Please note that results will vary depending on startDate
-let startDate = ago(7d);
-DeviceFileEvents
+// --------------------------------------------------------------------------------------------------------------------------- //
+// *GOAL*
+// This query provides you the latest signature and platform (MoCamp) for Windows Defender AV per DeviceName.
+// If a given machine does not have one of the fields populated, it means that AH does not have data for it, in the last 30 days.
+// The main objective with this query is being able to reportin on a specific or group of devices, during an IR.
+// Please note that AH has a limitation of 10K rows output per query!
+// THIS QUERY SHOULD NOT REPLACE A ROBUST REPORTING MECHANISM, OFFERED BY PLATFORMS LIKE MICROSOFT ENDPOINT MANAGER!
+// --------------------------------------------------------------------------------------------------------------------------- //
+// *DISCLAIMER*
+// THIS IS A SAMPLE QUERY
+// PLEASE NOTE THAT I TAKE NO RESPONSIBILITY ON THE RESULTS THIS QUERY MIGHT YIELD
+// YOU SHOULD TEST IT AND MAKE SURE IT FITS YOUR NEEDS 
+// THIS QUERY IS NOT OFFICIAL AND ENDORSED BY MICROSOFT
+// --------------------------------------------------------------------------------------------------------------------------- //
+// *CHANGELOG*
+// V3 - 20/04/2020
+// - Correct a "bug" in the summarize
+// - Improved stability
+// - Added disclaimer
+// V2 - 19/22/2019
+// - Changed the query to account for the time separation between Signature Updates and Engine Updates.
+// - Should now reflect properly both Signature and Enginer per machine, in a single line per device.
+// V1 - Long, long time ago
+// - Initial query
+// --------------------------------------------------------------------------------------------------------------------------- //
+// We start by defining the time windows both for Signature Updates and Platform Updates
+// Signature Updates happen multiple times per day
+// We want to look at the last 7 days (after 7 days signatures are considered to be out-of-date [default config])
+let SignaturestartDate = ago(7d);
+// Platform Updates happen every 30 days (by default), with Patch Tuesday
+let PlatformstartDate = ago(30d);
+//
+// Block where we extract Signature version info
+//
+let SignatureVersion = DeviceFileEvents
 | where InitiatingProcessCommandLine has "MpSigStub.exe"
-//To exclude Engine Updates and non update events 
+//This line is used to exclude Engine Updates and non update events (we just want Signature Updates)
 | where InitiatingProcessParentFileName !~ "AM_Engine.exe" and InitiatingProcessParentFileName !~ "wuauclt.exe"
-// Comment the below line if you're looking specifically for a computer
-| where Timestamp > startDate
+// startDate defined in the beginning of the query
+| where Timestamp > SignaturestartDate
 // Uncomment the line below when looking for info regarding a specific computer
-//| and DeviceName == "COMPUTER"
+//| where DeviceName == "COMPUTER"
 | extend NewVersion=tostring(split(InitiatingProcessCommandLine, " ")[4]) 
-| summarize arg_max(NewVersion, Timestamp) by DeviceName
-| project DeviceName , NewVersion
-| join (DeviceFileEvents
-        | where FileName == "MsMpEng.exe"
-        | where FolderPath has @"C:\ProgramData\Microsoft\Windows Defender\Platform\"
-        | where Timestamp > startDate
-        | extend PlatformVersion=tostring(split(FolderPath, "\\", 5))
-        | project DeviceName, PlatformVersion)
+| summarize arg_max(Timestamp, *) by DeviceName
+| project DeviceName , NewVersion;
+//
+// Block where we extract Signature version info
+//
+let PlatformVersion = DeviceFileEvents
+| where FileName == "MsMpEng.exe"
+| where FolderPath has @"C:\ProgramData\Microsoft\Windows Defender\Platform\"
+| where Timestamp > PlatformstartDate
+| extend PlatformVersion_Initial=tostring(split(FolderPath, "\\", 5))
+| summarize arg_max(Timestamp, *) by DeviceName
+| project DeviceName, PlatformVersion_Final=extract("([0-9].[0-9][0-9].[0-9][0-9][0-9][0-9].[0-9]-[0-9])", 0, PlatformVersion_Initial);
+//
+// Join Signature and Platform version information
+//
+SignatureVersion
+| join (PlatformVersion
+            | project DeviceName, PlatformVersion_Final)
     on DeviceName
-| project DeviceName , NewVersion , PlatformVersion
+| project DeviceName , NewVersion , PlatformVersion_Final
+| order by NewVersion desc;