UCF STIG Viewer Logo

Microsoft Defender Antivirus Security Technical Implementation Guide


Overview

Date Finding Count (41)
2022-04-08 CAT I (High): 4 CAT II (Med): 37 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-213452 High Microsoft Defender AV spyware definition age must not exceed 7 days.
V-213453 High Microsoft Defender AV virus definition age must not exceed 7 days.
V-213428 High Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software.
V-213426 High Microsoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.
V-213458 Medium Microsoft Defender AV must be configured block Office applications from creating executable content.
V-213459 Medium Microsoft Defender AV must be configured to block Office applications from injecting into other processes.
V-213450 Medium Microsoft Defender AV must be configured to perform a weekly scheduled scan.
V-213451 Medium Microsoft Defender AV must be configured to turn on e-mail scanning.
V-213456 Medium Microsoft Defender AV must be configured to block executable content from email client and webmail.
V-213457 Medium Microsoft Defender AV must be configured block Office applications from creating child processes.
V-213454 Medium Microsoft Defender AV must be configured to check for definition updates daily.
V-213455 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe.
V-213438 Medium Microsoft Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity.
V-213439 Medium Microsoft Defender AV must be configured to not allow override of scanning for downloaded files and attachments.
V-213430 Medium Microsoft Defender AV must be configured to not exclude files opened by specified processes.
V-213431 Medium Microsoft Defender AV must be configured to enable the Automatic Exclusions feature.
V-213432 Medium Microsoft Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.
V-213433 Medium Microsoft Defender AV must be configured to check in real time with MAPS before content is run or accessed.
V-213434 Medium Microsoft Defender AV must be configured to join Microsoft MAPS.
V-213435 Medium Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.
V-213436 Medium Microsoft Defender AV must be configured for protocol recognition for network protection.
V-213437 Medium Microsoft Defender AV must be configured to not allow local override of monitoring for file and program activity.
V-213449 Medium Microsoft Defender AV must be configured to scan removable drives.
V-213448 Medium Microsoft Defender AV must be configured to scan archive files.
V-213445 Medium Microsoft Defender AV must be configured to always enable real-time protection.
V-213444 Medium Microsoft Defender AV must be configured to scan all downloaded files and attachments.
V-213447 Medium Microsoft Defender AV must be configured to process scanning when real-time protection is enabled.
V-213446 Medium Microsoft Defender AV must be configured to enable behavior monitoring.
V-213441 Medium Microsoft Defender AV Group Policy settings must take priority over the local preference settings.
V-213440 Medium Microsoft Defender AV must be configured to not allow override of behavior monitoring.
V-213443 Medium Microsoft Defender AV must be configured to monitor for file and program activity.
V-213442 Medium Microsoft Defender AV must monitor for incoming and outgoing files.
V-213466 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Low.
V-213429 Medium Microsoft Defender AV must be configured to not exclude files for scanning.
V-213463 Medium Microsoft Defender AV must be configured to prevent user and apps from accessing dangerous websites.
V-213462 Medium Microsoft Defender AV must be configured to block Win32 imports from macro code in Office.
V-213461 Medium Microsoft Defender AV must be configured to block execution of potentially obfuscated scripts.
V-213460 Medium Microsoft Defender AV must be configured to impede JavaScript and VBScript to launch executables.
V-213427 Medium Microsoft Defender AV must be configured to automatically take action on all detected tasks.
V-213465 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.
V-213464 Medium Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High.