← Back to Microsoft Defender Antivirus Security Technical Implementation Guide

V-213444

CAT II (Medium)

Microsoft Defender AV must be configured to scan all downloaded files and attachments.

Rule ID

SV-213444r961089_rule

STIG

Microsoft Defender Antivirus Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-001169

Discussion

This policy setting allows configuration of scanning for all downloaded files and attachments. If this setting is enabled or not configured, scanning for all downloaded files and attachments will be enabled. If this setting is disabled, scanning for all downloaded files and attachments will be disabled.

Check Content

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Real-time Protection >> "Scan all downloaded files and attachments" is set to "Enabled" or "Not Configured".
 
Procedure: Use the Windows Registry Editor to navigate to the following key: 
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection

Criteria: If the value "DisableIOAVProtection" is REG_DWORD = 0, this is not a finding.

If the value does not exist, this is not a finding.

If the value is 1, this is a finding.

Fix Text

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Real-time Protection >> "Scan all downloaded files and attachments" to "Enabled" or "Not Configured".