STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Defender AV must be configured to run and scan for malware and other potentially unwanted software.

DISA Rule

SV-213428r569189_rule

Vulnerability Number

V-213428

Group Title

SRG-APP-000278

Rule Version

WNDF-AV-000004

Severity

CAT I

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

For Windows 10: Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus set "Turn off Windows Defender Antivirus" to "Not Configured".

Check Contents

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> "Turn off Windows Defender Antivirus" is set to “Not Configured”.

For Windows 10:
Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender

Criteria: If the value "DisableAntiSpyware" does not exist, this is not a finding.

Vulnerability Number

V-213428

Documentable

False

Rule Version

WNDF-AV-000004

Severity Override Guidance

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> "Turn off Windows Defender Antivirus" is set to “Not Configured”.

For Windows 10:
Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender

Criteria: If the value "DisableAntiSpyware" does not exist, this is not a finding.

Check Content Reference

M

Target Key

3985

Comments