DISA STIG • Endpoint Security
Microsoft Defender Antivirus
| Vuln ID | STIG ID | CAT | Finding | Responsibility |
|---|---|---|---|---|
| V-213426 | WNDF-AV-000001 | CAT I | Microsoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature. | — |
| V-213428 | WNDF-AV-000004 | CAT I | Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software. | — |
| V-213452 | WNDF-AV-000028 | CAT I | Microsoft Defender AV spyware definition age must not exceed 7 days. | — |
| V-213453 | WNDF-AV-000029 | CAT I | Microsoft Defender AV virus definition age must not exceed 7 days. | — |
| V-213427 | WNDF-AV-000003 | CAT II | Microsoft Defender AV must be configured to automatically take action on all detected tasks. | — |
| V-213429 | WNDF-AV-000005 | CAT II | Microsoft Defender AV must be configured to not exclude files for scanning. | — |
| V-213430 | WNDF-AV-000006 | CAT II | Microsoft Defender AV must be configured to not exclude files opened by specified processes. | — |
| V-213431 | WNDF-AV-000007 | CAT II | Microsoft Defender AV must be configured to enable the Automatic Exclusions feature. | — |
| V-213432 | WNDF-AV-000008 | CAT II | Microsoft Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS. | — |
| V-213433 | WNDF-AV-000009 | CAT II | Microsoft Defender AV must be configured to check in real time with MAPS before content is run or accessed. | — |
| V-213434 | WNDF-AV-000010 | CAT II | Microsoft Defender AV must join Microsoft MAPS. | — |
| V-213435 | WNDF-AV-000011 | CAT II | Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry. | — |
| V-213436 | WNDF-AV-000012 | CAT II | Microsoft Defender AV must be configured for protocol recognition for network protection. | — |
| V-213437 | WNDF-AV-000013 | CAT II | Microsoft Defender AV must be configured to not allow local override of monitoring for file and program activity. | — |
| V-213438 | WNDF-AV-000014 | CAT II | Microsoft Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity. | — |
| V-213439 | WNDF-AV-000015 | CAT II | Microsoft Defender AV must be configured to not allow override of scanning for downloaded files and attachments. | — |
| V-213440 | WNDF-AV-000016 | CAT II | Microsoft Defender AV must be configured to not allow override of behavior monitoring. | — |
| V-213441 | WNDF-AV-000017 | CAT II | Microsoft Defender AV Group Policy settings must take priority over the local preference settings. | — |
| V-213442 | WNDF-AV-000018 | CAT II | Microsoft Defender AV must monitor for incoming and outgoing files. | — |
| V-213443 | WNDF-AV-000019 | CAT II | Microsoft Defender AV must be configured to monitor for file and program activity. | — |
| V-213444 | WNDF-AV-000020 | CAT II | Microsoft Defender AV must be configured to scan all downloaded files and attachments. | — |
| V-213445 | WNDF-AV-000021 | CAT II | Microsoft Defender AV must be configured to always enable real-time protection. | — |
| V-213446 | WNDF-AV-000022 | CAT II | Microsoft Defender AV must be configured to enable behavior monitoring. | — |
| V-213447 | WNDF-AV-000023 | CAT II | Microsoft Defender AV must be configured to process scanning when real-time protection is enabled. | — |
| V-213448 | WNDF-AV-000024 | CAT II | Microsoft Defender AV must be configured to scan archive files. | — |
| V-213449 | WNDF-AV-000025 | CAT II | Microsoft Defender AV must be configured to scan removable drives. | — |
| V-213450 | WNDF-AV-000026 | CAT II | Microsoft Defender AV must be configured to perform a weekly scheduled scan. | — |
| V-213451 | WNDF-AV-000027 | CAT II | Microsoft Defender AV must be configured to turn on e-mail scanning. | — |
| V-213454 | WNDF-AV-000030 | CAT II | Microsoft Defender AV must be configured to check for definition updates daily. | — |
| V-213455 | WNDF-AV-000031 | CAT II | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe. | — |
| V-213456 | WNDF-AV-000032 | CAT II | Microsoft Defender AV must be configured to block executable content from email client and webmail. | — |
| V-213457 | WNDF-AV-000033 | CAT II | Microsoft Defender AV must be configured to block Office applications from creating child processes. | — |
| V-213458 | WNDF-AV-000034 | CAT II | Microsoft Defender AV must be configured to block Office applications from creating executable content. | — |
| V-213459 | WNDF-AV-000035 | CAT II | Microsoft Defender AV must be configured to block Office applications from injecting into other processes. | — |
| V-213460 | WNDF-AV-000036 | CAT II | Microsoft Defender AV must be configured to impede JavaScript and VBScript to launch executables. | — |
| V-213461 | WNDF-AV-000037 | CAT II | Microsoft Defender AV must be configured to block execution of potentially obfuscated scripts. | — |
| V-213462 | WNDF-AV-000038 | CAT II | Microsoft Defender AV must be configured to block Win32 imports from macro code in Office. | — |
| V-213463 | WNDF-AV-000039 | CAT II | Microsoft Defender AV must be configured to prevent user and apps from accessing dangerous websites. | — |
| V-213464 | WNDF-AV-000040 | CAT II | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High. | — |
| V-213465 | WNDF-AV-000041 | CAT II | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium. | — |
| V-213466 | WNDF-AV-000042 | CAT II | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Low. | — |
| V-278647 | WNDF-AV-000043 | CAT II | Microsoft Defender AV must block Adobe Reader from creating child processes. | — |
| V-278648 | WNDF-AV-000044 | CAT II | Microsoft Defender AV must block credential stealing from the Windows local security authority subsystem. | — |
| V-278649 | WNDF-AV-000045 | CAT II | Microsoft Defender AV must block untrusted and unsigned processes that run from USB. | — |
| V-278650 | WNDF-AV-000046 | CAT II | Microsoft Defender AV must use advanced protection against ransomware. | — |
| V-278651 | WNDF-AV-000047 | CAT II | Microsoft Defender AV must block process creations originating from PSExec and WMI commands. | — |
| V-278652 | WNDF-AV-000048 | CAT II | Microsoft Defender AV must block persistence through WMI event subscription. | — |
| V-278653 | WNDF-AV-000049 | CAT II | Microsoft Defender AV must block executable files from running unless they meet a prevalence, age, or trusted list criterion. | — |
| V-278654 | WNDF-AV-000050 | CAT II | Microsoft Defender AV must block Office communication application from creating child processes. | — |
| V-278655 | WNDF-AV-000051 | CAT II | Microsoft Defender AV must block abuse of exploited vulnerable signed drivers. | — |
| V-278656 | WNDF-AV-000052 | CAT II | Microsoft Defender AV must configure local administrator merge behavior for lists. | — |
| V-278658 | WNDF-AV-000054 | CAT II | Microsoft Defender AV must control whether exclusions are visible to Local Admins. | — |
| V-278659 | WNDF-AV-000055 | CAT II | Microsoft Defender AV must randomize scheduled task times. | — |
| V-278660 | WNDF-AV-000056 | CAT II | Microsoft Defender AV must hide the Family options area. | — |
| V-278661 | WNDF-AV-000057 | CAT II | Microsoft Defender AV must enable the file hash computation feature. | — |
| V-278662 | WNDF-AV-000058 | CAT II | Microsoft Defender AV must enable extended cloud check. | — |
| V-278668 | WNDF-AV-000064 | CAT II | Microsoft Defender AV must enable script scanning. | — |
| V-278669 | WNDF-AV-000065 | CAT II | Microsoft Defender AV must enable real-time protection and Security Intelligence Updates during OOBE. | — |
| V-278672 | WNDF-AV-000068 | CAT II | Microsoft Defender AV must enable network protection to be configured into block or audit mode on Windows Server. | — |
| V-278674 | WNDF-AV-000070 | CAT II | Microsoft Defender AV must enable EDR in block mode. | — |
| V-278675 | WNDF-AV-000071 | CAT II | Microsoft Defender AV must report Dynamic Signature dropped events. | — |
| V-278676 | WNDF-AV-000072 | CAT II | Microsoft Defender AV must scan excluded files and directories during quick scans. | — |
| V-278863 | WNDF-AV-000073 | CAT II | Microsoft Defender AV must set cloud protection level to High. | — |
| V-278677 | WNDF-AV-000074 | CAT II | Microsoft Defender AV must convert warn verdict to block. | — |
| V-278678 | WNDF-AV-000075 | CAT II | Microsoft Defender AV must enable asynchronous inspection. | — |
| V-278679 | WNDF-AV-000076 | CAT II | Microsoft Defender AV must scan packed executables. | — |
| V-278680 | WNDF-AV-000077 | CAT II | Microsoft Defender AV must enable heuristics. | — |