STIGQter STIGQter: STIG Summary: MS Windows Defender Antivirus Security Technical Implementation Guide

Version: 1

Release: 7 Benchmark Date: 24 Jan 2020

CheckedNameTitle
SV-89827r2_ruleWindows Defender AV must be configured to enable the Potentially Unwanted Application (PUA) feature.
SV-89831r2_ruleWindows Defender AV must be configured to automatically take action on all detected tasks.
SV-89833r5_ruleWindows Defender AV must be configured to run and scan for malware and other potentially unwanted software.
SV-89835r2_ruleWindows Defender AV must be configured to not exclude files for scanning.
SV-89837r2_ruleWindows Defender AV must be configured to not exclude files opened by specified processes.
SV-89839r2_ruleWindows Defender AV must be configured to enable the Automatic Exclusions feature.
SV-89841r2_ruleWindows Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.
SV-89843r2_ruleWindows Defender AV must be configured to check in real time with MAPS before content is run or accessed.
SV-89847r5_ruleWindows Defender AV must be configured to not join Microsoft MAPS.
SV-89887r3_ruleWindows Defender AV must be configured to only send safe samples for MAPS telemetry.
SV-89889r2_ruleWindows Defender AV must be configured for protocol recognition for network protection.
SV-89891r2_ruleWindows Defender AV must be configured to not allow local override of monitoring for file and program activity.
SV-89893r2_ruleWindows Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity.
SV-89895r2_ruleWindows Defender AV must be configured to not allow override of scanning for downloaded files and attachments.
SV-89897r2_ruleWindows Defender AV must be configured to not allow override of behavior monitoring.
SV-89899r2_ruleWindows Defender AV Group Policy settings must take priority over the local preference settings.
SV-89901r2_ruleWindows Defender AV must monitor for incoming and outgoing files.
SV-89903r2_ruleWindows Defender AV must be configured to monitor for file and program activity.
SV-89905r2_ruleWindows Defender AV must be configured to scan all downloaded files and attachments.
SV-89907r2_ruleWindows Defender AV must be configured to always enable real-time protection.
SV-89909r2_ruleWindows Defender AV must be configured to enable behavior monitoring.
SV-89911r2_ruleWindows Defender AV must be configured to process scanning when real-time protection is enabled.
SV-89913r2_ruleWindows Defender AV must be configured to scan archive files.
SV-89915r2_ruleWindows Defender AV must be configured to scan removable drives.
SV-89917r2_ruleWindows Defender AV must be configured to perform a weekly scheduled scan.
SV-89919r2_ruleWindows Defender AV must be configured to turn on e-mail scanning.
SV-89921r2_ruleWindows Defender AV spyware definition age must not exceed 7 days.
SV-89923r2_ruleWindows Defender AV virus definition age must not exceed 7 days.
SV-89925r2_ruleWindows Defender AV must be configured to check for definition updates daily.
SV-89927r3_ruleWindows Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe.
SV-92661r1_ruleWindows Defender AV must be configured to block executable content from email client and webmail.
SV-92663r1_ruleWindows Defender AV must be configured block Office applications from creating child processes.
SV-92665r1_ruleWindows Defender AV must be configured block Office applications from creating executable content.
SV-92667r1_ruleWindows Defender AV must be configured to block Office applications from injecting into other processes.
SV-92669r1_ruleWindows Defender AV must be configured to impede JavaScript and VBScript to launch executables.
SV-92671r1_ruleWindows Defender AV must be configured to block execution of potentially obfuscated scripts.
SV-92673r1_ruleWindows Defender AV must be configured to block Win32 imports from macro code in Office.
SV-92675r1_ruleWindows Defender AV must be configured to prevent user and apps from accessing dangerous websites.
SV-94669r1_ruleWindows Defender AV must be configured for automatic remediation action to be taken for threat alert level High.
SV-94671r1_ruleWindows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.
SV-94675r1_ruleWindows Defender AV must be configured for automatic remediation action to be taken for threat alert level Low.