UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Windows Defender Antivirus Security Technical Implementation Guide


Overview

Date Finding Count (41)
2021-03-05 CAT I (High): 4 CAT II (Med): 37 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-213452 High Windows Defender AV spyware definition age must not exceed 7 days.
V-213453 High Windows Defender AV virus definition age must not exceed 7 days.
V-213428 High Windows Defender AV must be configured to run and scan for malware and other potentially unwanted software.
V-213426 High Windows Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.
V-213458 Medium Windows Defender AV must be configured block Office applications from creating executable content.
V-213459 Medium Windows Defender AV must be configured to block Office applications from injecting into other processes.
V-213450 Medium Windows Defender AV must be configured to perform a weekly scheduled scan.
V-213451 Medium Windows Defender AV must be configured to turn on e-mail scanning.
V-213456 Medium Windows Defender AV must be configured to block executable content from email client and webmail.
V-213457 Medium Windows Defender AV must be configured block Office applications from creating child processes.
V-213454 Medium Windows Defender AV must be configured to check for definition updates daily.
V-213455 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe.
V-213438 Medium Windows Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity.
V-213439 Medium Windows Defender AV must be configured to not allow override of scanning for downloaded files and attachments.
V-213430 Medium Windows Defender AV must be configured to not exclude files opened by specified processes.
V-213431 Medium Windows Defender AV must be configured to enable the Automatic Exclusions feature.
V-213432 Medium Windows Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.
V-213433 Medium Windows Defender AV must be configured to check in real time with MAPS before content is run or accessed.
V-213434 Medium Windows Defender AV must be configured to join Microsoft MAPS.
V-213435 Medium Windows Defender AV must be configured to only send safe samples for MAPS telemetry.
V-213436 Medium Windows Defender AV must be configured for protocol recognition for network protection.
V-213437 Medium Windows Defender AV must be configured to not allow local override of monitoring for file and program activity.
V-213449 Medium Windows Defender AV must be configured to scan removable drives.
V-213448 Medium Windows Defender AV must be configured to scan archive files.
V-213445 Medium Windows Defender AV must be configured to always enable real-time protection.
V-213444 Medium Windows Defender AV must be configured to scan all downloaded files and attachments.
V-213447 Medium Windows Defender AV must be configured to process scanning when real-time protection is enabled.
V-213446 Medium Windows Defender AV must be configured to enable behavior monitoring.
V-213441 Medium Windows Defender AV Group Policy settings must take priority over the local preference settings.
V-213440 Medium Windows Defender AV must be configured to not allow override of behavior monitoring.
V-213443 Medium Windows Defender AV must be configured to monitor for file and program activity.
V-213442 Medium Windows Defender AV must monitor for incoming and outgoing files.
V-213466 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Low.
V-213429 Medium Windows Defender AV must be configured to not exclude files for scanning.
V-213463 Medium Windows Defender AV must be configured to prevent user and apps from accessing dangerous websites.
V-213462 Medium Windows Defender AV must be configured to block Win32 imports from macro code in Office.
V-213461 Medium Windows Defender AV must be configured to block execution of potentially obfuscated scripts.
V-213460 Medium Windows Defender AV must be configured to impede JavaScript and VBScript to launch executables.
V-213427 Medium Windows Defender AV must be configured to automatically take action on all detected tasks.
V-213465 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.
V-213464 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level High.