
MS Windows Defender Antivirus Security Technical Implementation Guide


Overview

Date: 2018-03-29
Finding Count (41): CAT I (High): 4, CAT II (Med): 37, CAT III (Low): 0
STIG Description
The Windows Defender Antivirus Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.


Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-75147 High Windows Defender AV must be configured to enable the Potentially Unwanted Application (PUA) feature.
V-75153 High Windows Defender AV must be configured to run and scan for malware and other potentially unwanted software.
V-75241 High Windows Defender AV spyware definition age must not exceed 7 days.
V-75243 High Windows Defender AV virus definition age must not exceed 7 days.
V-77967 Medium Windows Defender AV must be configured to block Office applications from creating child processes.
V-77965 Medium Windows Defender AV must be configured to block executable content from email client and webmail.
V-77969 Medium Windows Defender AV must be configured to block Office applications from creating executable content.
V-75239 Medium Windows Defender AV must be configured to turn on e-mail scanning.
V-75219 Medium Windows Defender AV Group Policy settings must take priority over the local preference settings.
V-75217 Medium Windows Defender AV must be configured to not allow override of behavior monitoring.
V-75161 Medium Windows Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.
V-75215 Medium Windows Defender AV must be configured to not allow override of scanning for downloaded files and attachments.
V-75231 Medium Windows Defender AV must be configured to process scanning when real-time protection is enabled.
V-75213 Medium Windows Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity.
V-75211 Medium Windows Defender AV must be configured to not allow local override of monitoring for file and program activity.
V-79971 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Low.
V-75159 Medium Windows Defender AV must be configured to enable the Automatic Exclusions feature.
V-75163 Medium Windows Defender AV must be configured to check in real time with MAPS before content is run or accessed.
V-75227 Medium Windows Defender AV must be configured to always enable real-time protection.
V-75151 Medium Windows Defender AV must be configured to automatically take action on all detected tasks.
V-75155 Medium Windows Defender AV must be configured to not exclude files for scanning.
V-75157 Medium Windows Defender AV must be configured to not exclude files opened by specified processes.
V-77975 Medium Windows Defender AV must be configured to block execution of potentially obfuscated scripts.
V-75225 Medium Windows Defender AV must be configured to scan all downloaded files and attachments.
V-77971 Medium Windows Defender AV must be configured to block Office applications from injecting into other processes.
V-77973 Medium Windows Defender AV must be configured to impede JavaScript and VBScript to launch executables.
V-77979 Medium Windows Defender AV must be configured to prevent user and apps from accessing dangerous websites.
V-75223 Medium Windows Defender AV must be configured to monitor for file and program activity.
V-75209 Medium Windows Defender AV must be configured for protocol recognition for network protection.
V-75245 Medium Windows Defender AV must be configured to check for definition updates daily.
V-75221 Medium Windows Defender AV must monitor for incoming and outgoing files.
V-75235 Medium Windows Defender AV must be configured to scan removable drives.
V-75247 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe.
V-75229 Medium Windows Defender AV must be configured to enable behavior monitoring.
V-75167 Medium Windows Defender AV must be configured to join Microsoft MAPS.
V-77977 Medium Windows Defender AV must be configured to block Win32 imports from macro code in Office.
V-79965 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level High.
V-75237 Medium Windows Defender AV must be configured to perform a weekly scheduled scan.
V-79967 Medium Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.
V-75233 Medium Windows Defender AV must be configured to scan archive files.
V-75207 Medium Windows Defender AV must be configured to only send safe samples for MAPS telemetry.