STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Defender AV must be configured to enable the Automatic Exclusions feature.

DISA Rule

SV-213431r569189_rule

Vulnerability Number

V-213431

Group Title

SRG-APP-000278

Rule Version

WNDF-AV-000007

Severity

CAT II

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" to "Disabled".

Check Contents

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" is set to "Disabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions

Criteria: If the value "DisableAutoExclusions" is REG_DWORD = 0, this is not a finding.

Vulnerability Number

V-213431

Documentable

False

Rule Version

WNDF-AV-000007

Severity Override Guidance

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" is set to "Disabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions

Criteria: If the value "DisableAutoExclusions" is REG_DWORD = 0, this is not a finding.

Check Content Reference

M

Target Key

3985

Comments