STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide, Version 2, Release 2, Benchmark Date: 04 May 2021

Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe.

DISA Rule

SV-213455r569189_rule

Vulnerability Number

V-213455

Group Title

SRG-APP-000207

Rule Version

WNDF-AV-000031

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" to "Enabled". Select the "Show..." option box and enter "5" in the "Value name" field and enter "2" in the "Value" field.

Check Contents

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" is set to "Enabled". Click the "Show..." option box and verify the "Value name" field contains a value of "5" and the "Value" field contains a "2". A value of "3" in the "Value" field is more restrictive and also an acceptable value.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction

Criteria: If the value named "5" (type REG_SZ) is set to 2 (or 3), this is not a finding.
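The check above is manual (Registry Editor). The following PowerShell function, an added example that is not part of the STIG or of STIGQter, performs the same registry check programmatically and reports Open/NotAFinding in the same terms. The function name, the output fields and the action labels in the reason string (2 = Quarantine, 3 = Remove, the encoding used by this policy setting) are this example's own choices; the key path, value name and accepted values come from the check text. A missing key or value name means the policy is not configured and is reported as a finding.

```powershell
# Added example: automated check for WNDF-AV-000031 (V-213455).
# Mirrors the manual "Check Contents" procedure; not STIG-supplied code.
function Test-WNDFAV000031 {
    [CmdletBinding()]
    param(
        # Key from the STIG check, in PSDrive form
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction',
        # Value name "5" = threat alert level Severe
        [string]$ValueName = '5',
        # Acceptable values per the STIG: "2" (required) or "3" (more restrictive)
        [string[]]$Compliant = @('2', '3')
    )

    $result = [ordered]@{
        RuleVersion = 'WNDF-AV-000031'
        RuleId      = 'SV-213455r569189_rule'
        KeyPath     = $KeyPath
        ValueName   = $ValueName
        Type        = $null
        Value       = $null
        Status      = 'Open'
        Reason      = $null
    }

    # Policy key absent: the GPO setting is not Enabled, so this is a finding
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $result.Reason = 'Policy key missing; setting is not configured (finding)'
        return [pscustomobject]$result
    }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = "Value name '$ValueName' not present under key (finding)"
        return [pscustomobject]$result
    }

    # GetValueKind reports 'String' for REG_SZ; the STIG expects REG_SZ
    $result.Type  = $key.GetValueKind($ValueName).ToString()
    $result.Value = [string]$key.GetValue($ValueName)

    if ($result.Type -ne 'String') {
        $result.Reason = "Expected REG_SZ, found $($result.Type) (finding)"
    }
    elseif ($Compliant -contains $result.Value.Trim()) {
        $result.Status = 'NotAFinding'
        $result.Reason = "Severe-threat default action is $($result.Value) (2 = Quarantine, 3 = Remove)"
    }
    else {
        $result.Reason = "Value '$($result.Value)' is not 2 or 3 (finding)"
    }
    [pscustomobject]$result
}

# Usage: run in an elevated PowerShell session on the target host
Test-WNDFAV000031 | Format-List
```

Run it on the host being assessed; the STATUS field maps directly to the STIG result. Remediation should still be done through the Group Policy setting named in the Fix Recommendation rather than by writing the registry value directly, since Group Policy refresh will otherwise overwrite a local change.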

Documentable

False

Check Content Reference

M

Target Key

3985

Comments