STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Defender AV must be configured to not exclude files opened by specified processes.

DISA Rule

SV-213430r569189_rule

Vulnerability Number

V-213430

Group Title

SRG-APP-000278

Rule Version

WNDF-AV-000006

Severity

CAT II

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Process Exclusions" to "Disabled" or "Not Configured".

Check Contents

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Process Exclusions" is set to "Disabled" or "Not Configured".

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions

Criteria: If the value "Exclusions_Processes" does not exist, this is not a finding.

Vulnerability Number

V-213430

Documentable

False

Rule Version

WNDF-AV-000006

Severity Override Guidance

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Process Exclusions" is set to "Disabled" or "Not Configured".

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions

Criteria: If the value "Exclusions_Processes" does not exist, this is not a finding.

Check Content Reference

M

Target Key

3985

Comments