
Windows Defender AV must be configured to enable the Automatic Exclusions feature.


Overview

Finding ID: V-213431
Version: WNDF-AV-000007
Rule ID: SV-213431r569189_rule
IA Controls: (none listed)
Severity: Medium
Description
Allows an administrator to specify whether the Automatic Exclusions feature for Server SKUs should be turned off.
STIG: Microsoft Windows Defender Antivirus Security Technical Implementation Guide
Date: 2021-09-30

Details

Check Text (C-14656r314602_chk)
Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" is set to "Disabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions

Criteria: If the value "DisableAutoExclusions" is REG_DWORD = 0, this is not a finding.
Fix Text (F-14654r314603_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" to "Disabled".
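
The registry criterion from the Check Text can be audited with a short PowerShell function. This is an added example, not part of the STIG; the function name and output property names are illustrative. It assumes that any state other than REG_DWORD = 0 (missing key, missing value, wrong type, non-zero data) fails the criterion, since the Check Text states only the passing condition.

```powershell
# Added example: audits the registry criterion from the Check Text.
# Function and property names are illustrative, not defined by the STIG.
function Test-DefenderAutoExclusionsPolicy {
    [CmdletBinding()]
    param(
        # Key and value name exactly as given in the Check Text.
        [string]$KeyPath   = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Exclusions',
        [string]$ValueName = 'DisableAutoExclusions'
    )

    $result = [ordered]@{
        Key          = $KeyPath
        ValueName    = $ValueName
        Kind         = $null
        Data         = $null
        CriterionMet = $false   # assumption: anything but REG_DWORD = 0 fails
        Detail       = $null
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        $result.Detail = 'Policy key does not exist.'
    }
    elseif ($key.GetValueNames() -notcontains $ValueName) {
        # GetValueKind() throws on a missing value, so test for presence first.
        $result.Detail = 'Policy value is not present under the key.'
    }
    else {
        $result.Kind = $key.GetValueKind($ValueName)
        $result.Data = $key.GetValue($ValueName)
        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $result.Detail = "Value exists but is $($result.Kind), not REG_DWORD."
        }
        elseif ($result.Data -ne 0) {
            $result.Detail = "REG_DWORD is $($result.Data), expected 0."
        }
        else {
            $result.CriterionMet = $true
            $result.Detail = 'REG_DWORD = 0: not a finding.'
        }
    }
    [pscustomobject]$result
}

Test-DefenderAutoExclusionsPolicy
```

Checking the value kind as well as the data catches a string "0" written by a script or a manual edit, which does not satisfy the REG_DWORD criterion.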