
Microsoft Windows Defender Antivirus Security Technical Implementation Guide


Overview

Date        Finding Count (41)
2020-10-15  CAT I (High): 4   CAT II (Med): 37   CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-213452 High Windows Defender AV spyware definition age must not exceed 7 days.
V-213453 High Windows Defender AV virus definition age must not exceed 7 days.
V-213428 High Windows Defender AV must be configured to run and scan for malware and other potentially unwanted software.
V-213426 High Windows Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.
V-213458 Medium Windows Defender AV must be configured to block Office applications from creating executable content.
V-213459 Medium Windows Defender AV must be configured to block Office applications from injecting into other processes.
V-213450 Medium Windows Defender AV must be configured to perform a weekly scheduled scan.
V-213451 Medium Windows Defender AV must be configured to turn on e-mail scanning.
V-213456 Medium Windows Defender AV must be configured to block executable content from email client and webmail.
V-213457 Medium Windows Defender AV must be configured to block Office applications from creating child processes.
V-213454 Medium Windows Defender AV must be configured to check for definition updates daily.
V-213455 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe.
V-213438 Medium Windows Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity.
V-213439 Medium Windows Defender AV must be configured to not allow override of scanning for downloaded files and attachments.
V-213430 Medium Windows Defender AV must be configured to not exclude files opened by specified processes.
V-213431 Medium Windows Defender AV must be configured to enable the Automatic Exclusions feature.
V-213432 Medium Windows Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.
V-213433 Medium Windows Defender AV must be configured to check in real time with MAPS before content is run or accessed.
V-213434 Medium Windows Defender AV must be configured to join Microsoft MAPS.
V-213435 Medium Windows Defender AV must be configured to only send safe samples for MAPS telemetry.
V-213436 Medium Windows Defender AV must be configured for protocol recognition for network protection.
V-213437 Medium Windows Defender AV must be configured to not allow local override of monitoring for file and program activity.
V-213449 Medium Windows Defender AV must be configured to scan removable drives.
V-213448 Medium Windows Defender AV must be configured to scan archive files.
V-213445 Medium Windows Defender AV must be configured to always enable real-time protection.
V-213444 Medium Windows Defender AV must be configured to scan all downloaded files and attachments.
V-213447 Medium Windows Defender AV must be configured to process scanning when real-time protection is enabled.
V-213446 Medium Windows Defender AV must be configured to enable behavior monitoring.
V-213441 Medium Windows Defender AV Group Policy settings must take priority over the local preference settings.
V-213440 Medium Windows Defender AV must be configured to not allow override of behavior monitoring.
V-213443 Medium Windows Defender AV must be configured to monitor for file and program activity.
V-213442 Medium Windows Defender AV must monitor for incoming and outgoing files.
V-213466 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Low.
V-213429 Medium Windows Defender AV must be configured to not exclude files for scanning.
V-213463 Medium Windows Defender AV must be configured to prevent user and apps from accessing dangerous websites.
V-213462 Medium Windows Defender AV must be configured to block Win32 imports from macro code in Office.
V-213461 Medium Windows Defender AV must be configured to block execution of potentially obfuscated scripts.
V-213460 Medium Windows Defender AV must be configured to impede JavaScript and VBScript from launching executables.
V-213427 Medium Windows Defender AV must be configured to automatically take action on all detected tasks.
V-213465 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.
V-213464 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level High.