STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.

DISA Rule

SV-213426r569189_rule

Vulnerability Number

V-213426

Group Title

SRG-APP-000279

Rule Version

WNDF-AV-000001

Severity

CAT I

CCI(s)

• CCI-001243 - The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> "Configure Detection for Potentially Unwanted Applications" to "Enabled" and "Block".

Check Contents

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> "Configure detection for potentially unwanted applications" is set to "Enabled" and "Block".

Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Policies\Microsoft\Windows Defender

If the value "PUAProtection" does not exist, this is a finding.

If the value "PUAProtection" is REG_DWORD = 1, this is not a finding.

Vulnerability Number

V-213426

Documentable

False

Rule Version

WNDF-AV-000001

Severity Override Guidance

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> "Configure detection for potentially unwanted applications" is set to "Enabled" and "Block".

Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Policies\Microsoft\Windows Defender

If the value "PUAProtection" does not exist, this is a finding.

If the value "PUAProtection" is REG_DWORD = 1, this is not a finding.

Check Content Reference

M

Target Key

3985

Comments