STIGQter STIGQter: STIG Summary: Microsoft Windows Server 2019 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Server 2019 must use an anti-virus program.

DISA Rule

SV-205850r569245_rule

Vulnerability Number

V-205850

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN19-00-000110

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

If no anti-virus software is in use, install Windows Defender or third-party anti-virus.

Open "PowerShell".

Enter "Install-WindowsFeature -Name Windows-Defender”.

For third-party anti-virus, install per anti-virus instructions and disable Windows Defender.

Open "PowerShell".

Enter "Uninstall-WindowsFeature -Name Windows-Defender”.

Check Contents

Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.

If there is no anti-virus solution installed on the system, this is a finding.

Verify if Windows Defender is in use or enabled:

Open "PowerShell".

Enter “get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName”

Verify if third-party anti-virus is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName”

Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”

Vulnerability Number

V-205850

Documentable

False

Rule Version

WN19-00-000110

Severity Override Guidance

Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.

If there is no anti-virus solution installed on the system, this is a finding.

Verify if Windows Defender is in use or enabled:

Open "PowerShell".

Enter “get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName”

Verify if third-party anti-virus is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName”

Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”

Check Content Reference

M

Target Key

2907

Comments