← Back to Microsoft Windows Server 2016 Security Technical Implementation Guide

V-224829

CAT I (High)

The Windows Server 2016 system must use an anti-virus program.

Rule ID

SV-224829r991589_rule

STIG

Microsoft Windows Server 2016 Security Technical Implementation Guide

Version

V2R10

CCIs

CCI-000366

Discussion

Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.

Check Content

Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.

If there is no anti-virus solution installed on the system, this is a finding.

Verify if Windows Defender is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName”

Verify if third-party anti-virus is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName”

Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”

Fix Text

If no anti-virus software is in use, install Windows Defender or third-party anti-virus.

Open "PowerShell".

Enter "Install-WindowsFeature -Name Windows-Defender”

For third-party anti-virus, install per anti-virus instructions and disable Windows Defender.

Open "PowerShell".

Enter “Uninstall-WindowsFeature -Name Windows-Defender”.