UCF STIG Viewer Logo

Windows Defender Antivirus Security Technical Implementation Guide


Overview

Date Finding Count (38)
2017-12-27 CAT I (High): 4 CAT II (Med): 34 CAT III (Low): 0
STIG Description
The Windows Defender Antivirus Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be send via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-75147 High Windows Defender AV must be configured to enable the Potentially Unwanted Application (PUA) feature.
V-75153 High Windows Defender AV must be configured to run and scan for malware and other potentially unwanted software.
V-75241 High Windows Defender AV spyware definition age must not exceed 7 days.
V-75243 High Windows Defender AV virus definition age must not exceed 7 days.
V-77967 Medium Windows Defender AV must be configured block Office applications from creating child processes.
V-77965 Medium Windows Defender AV must be configured to block executable content from email client and webmail.
V-77969 Medium Windows Defender AV must be configured block Office applications from creating executable content.
V-75239 Medium Windows Defender AV must be configured to turn on e-mail scanning.
V-75219 Medium Windows Defender AV Group Policy settings must take priority over the local preference settings.
V-75217 Medium Windows Defender AV must be configured to not allow override of behavior monitoring.
V-75215 Medium Windows Defender AV must be configured to not allow override of scanning for downloaded files and attachments.
V-75231 Medium Windows Defender AV must be configured to process scanning when real-time protection is enabled.
V-75213 Medium Windows Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity.
V-75211 Medium Windows Defender AV must be configured to not allow local override of monitoring for file and program activity.
V-75209 Medium Windows Defender AV must be configured for protocol recognition for network protection.
V-75159 Medium Windows Defender AV must be configured to enable the Automatic Exclusions feature.
V-75227 Medium Windows Defender AV must be configured to always enable real-time protection.
V-75151 Medium Windows Defender AV must be configured to automatically take action on all detected tasks.
V-75155 Medium Windows Defender AV must be configured to not exclude files for scanning.
V-75157 Medium Windows Defender AV must be configured to not exclude files opened by specified processes.
V-77975 Medium Windows Defender AV must be configured to block execution of potentially obfuscated scripts.
V-75225 Medium Windows Defender AV must be configured to scan all downloaded files and attachments.
V-77971 Medium Windows Defender AV must be configured to block Office applications from injecting into other processes.
V-77973 Medium Windows Defender AV must be configured to impede JavaScript and VBScript to launch executables.
V-77979 Medium Windows Defender AV must be configured to prevent user and apps from accessing dangerous websites.
V-75223 Medium Windows Defender AV must be configured to monitor for file and program activity.
V-75245 Medium Windows Defender AV must be configured to check for definition updates daily.
V-75221 Medium Windows Defender AV must monitor for incoming and outgoing files.
V-75235 Medium Windows Defender AV must be configured to scan removable drives.
V-75247 Medium Windows Defender AV must be configured for automatic remediation action to be taken for each threat alert level.
V-75229 Medium Windows Defender AV must be configured to enable behavior monitoring.
V-75167 Medium Windows Defender AV must be configured to join Microsoft MAPS.
V-77977 Medium Windows Defender AV must be configured to block Win32 imports from macro code in Office.
V-75161 Medium Windows Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.
V-75237 Medium Windows Defender AV must be configured to perform a weekly scheduled scan.
V-75163 Medium Windows Defender AV must be configured to check in real time with MAPS before content is run or accessed.
V-75233 Medium Windows Defender AV must be configured to scan archive files.
V-75207 Medium Windows Defender AV must be configured to only send safe samples for MAPS telemetry.