STIGQter STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Defender AV must be configured to perform a weekly scheduled scan.

DISA Rule

SV-213450r569189_rule

Vulnerability Number

V-213450

Group Title

SRG-APP-000277

Rule Version

WNDF-AV-000026

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> "Specify the day of the week to run a scheduled scan" to "Enabled " and select anything other than "Never" in the drop down box.

Check Contents

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> "Specify the day of the week to run a scheduled scan" is set to "Enabled" and anything other than "Never" selected in the drop down box.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Scan

Criteria: If the value "ScheduleDay" is REG_DWORD = 0x8, this is a finding.

Values of 0x0 through 0x7 are acceptable and not a finding.

Vulnerability Number

V-213450

Documentable

False

Rule Version

WNDF-AV-000026

Severity Override Guidance

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> "Specify the day of the week to run a scheduled scan" is set to "Enabled" and anything other than "Never" selected in the drop down box.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Scan

Criteria: If the value "ScheduleDay" is REG_DWORD = 0x8, this is a finding.

Values of 0x0 through 0x7 are acceptable and not a finding.

Check Content Reference

M

Target Key

3985

Comments