
Microsoft Defender Antivirus Security Technical Implementation Guide


Overview

Date: 2022-04-08
Finding Count (41): CAT I (High): 4, CAT II (Med): 37, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-213452 High Microsoft Defender AV spyware definition age must not exceed 7 days.
V-213453 High Microsoft Defender AV virus definition age must not exceed 7 days.
V-213428 High Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software.
V-213426 High Microsoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.
V-213458 Medium Microsoft Defender AV must be configured to block Office applications from creating executable content.
V-213459 Medium Microsoft Defender AV must be configured to block Office applications from injecting into other processes.
V-213450 Medium Microsoft Defender AV must be configured to perform a weekly scheduled scan.
V-213451 Medium Microsoft Defender AV must be configured to turn on e-mail scanning.
V-213456 Medium Microsoft Defender AV must be configured to block executable content from email client and webmail.
V-213457 Medium Microsoft Defender AV must be configured to block Office applications from creating child processes.
V-213454 Medium Microsoft Defender AV must be configured to check for definition updates daily.
V-213455 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe.
V-213438 Medium Microsoft Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity.
V-213439 Medium Microsoft Defender AV must be configured to not allow override of scanning for downloaded files and attachments.
V-213430 Medium Microsoft Defender AV must be configured to not exclude files opened by specified processes.
V-213431 Medium Microsoft Defender AV must be configured to enable the Automatic Exclusions feature.
V-213432 Medium Microsoft Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.
V-213433 Medium Microsoft Defender AV must be configured to check in real time with MAPS before content is run or accessed.
V-213434 Medium Microsoft Defender AV must be configured to join Microsoft MAPS.
V-213435 Medium Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.
V-213436 Medium Microsoft Defender AV must be configured for protocol recognition for network protection.
V-213437 Medium Microsoft Defender AV must be configured to not allow local override of monitoring for file and program activity.
V-213449 Medium Microsoft Defender AV must be configured to scan removable drives.
V-213448 Medium Microsoft Defender AV must be configured to scan archive files.
V-213445 Medium Microsoft Defender AV must be configured to always enable real-time protection.
V-213444 Medium Microsoft Defender AV must be configured to scan all downloaded files and attachments.
V-213447 Medium Microsoft Defender AV must be configured to process scanning when real-time protection is enabled.
V-213446 Medium Microsoft Defender AV must be configured to enable behavior monitoring.
V-213441 Medium Microsoft Defender AV Group Policy settings must take priority over the local preference settings.
V-213440 Medium Microsoft Defender AV must be configured to not allow override of behavior monitoring.
V-213443 Medium Microsoft Defender AV must be configured to monitor for file and program activity.
V-213442 Medium Microsoft Defender AV must monitor for incoming and outgoing files.
V-213466 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Low.
V-213429 Medium Microsoft Defender AV must be configured to not exclude files for scanning.
V-213463 Medium Microsoft Defender AV must be configured to prevent user and apps from accessing dangerous websites.
V-213462 Medium Microsoft Defender AV must be configured to block Win32 imports from macro code in Office.
V-213461 Medium Microsoft Defender AV must be configured to block execution of potentially obfuscated scripts.
V-213460 Medium Microsoft Defender AV must be configured to impede JavaScript and VBScript to launch executables.
V-213427 Medium Microsoft Defender AV must be configured to automatically take action on all detected tasks.
V-213465 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.
V-213464 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High.