UCF STIG Viewer Logo

Windows Defender AV must be configured to prevent user and apps from accessing dangerous websites.


Overview

Finding ID Version Rule ID IA Controls Severity
V-77979 WNDF-AV-000039 SV-92675r1_rule Medium
Description
Enable Windows Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams exploit-hosting sites and other malicious content on the Internet.
STIG Date
MS Windows Defender Antivirus Security Technical Implementation Guide 2020-05-12

Details

Check Text ( C-77589r1_chk )
This setting is applicable starting with v1709 of Windows 10, it is NA for prior versions.

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Network Protection -> "Prevent users and apps from accessing dangerous websites" is set to "Enabled” and “Block" selected in the drop down box.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection

Criteria: If the value "EnableNetworkProtection" is REG_DWORD = 1, this is not a finding.
Fix Text (F-84691r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Network Protection -> "Prevent users and apps from accessing dangerous websites" to "Enabled” and select “Block" in the drop down box.