STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Defender AV must be configured for protocol recognition for network protection.

DISA Rule

SV-213436r569189_rule

Vulnerability Number

V-213436

Group Title

SRG-APP-000278

Rule Version

WNDF-AV-000012

Severity

CAT II

CCI(s)

CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

Fix Recommendation

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Network Inspection System -> "Turn on protocol recognition" to "Enabled" or "Not Configured".

Check Contents

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Network Inspection System -> "Turn on protocol recognition" is set to "Enabled" or "Not Configured".

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\NIS

Criteria: If the value "DisableProtocolRecognition" is REG_DWORD = 0, this is not a finding.

If the value does not exist, this is not a finding.

If the value is 1, this is a finding.

Windows Defender AV must be configured for protocol recognition for network protection.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments