Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-77979 | WNDF-AV-000039 | SV-92675r1_rule | Medium |
Description |
---|
Enable Windows Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams exploit-hosting sites and other malicious content on the Internet. |
STIG | Date |
---|---|
Windows Defender Antivirus Security Technical Implementation Guide | 2017-12-27 |
Check Text ( C-77589r1_chk ) |
---|
This setting is applicable starting with v1709 of Windows 10, it is NA for prior versions. Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Network Protection -> "Prevent users and apps from accessing dangerous websites" is set to "Enabled” and “Block" selected in the drop down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection Criteria: If the value "EnableNetworkProtection" is REG_DWORD = 1, this is not a finding. |
Fix Text (F-84691r1_fix) |
---|
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Network Protection -> "Prevent users and apps from accessing dangerous websites" to "Enabled” and select “Block" in the drop down box. |