STIGQter: STIG Summary: Microsoft Windows Defender Antivirus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.

DISA Rule

SV-213465r569189_rule

Vulnerability Number

V-213465

Group Title

SRG-APP-000207

Rule Version

WNDF-AV-000041

Severity

CAT II

CCI(s)

CCI-001662 - The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified.

Weight

Fix Recommendation

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" to "Enabled". Select the “Show…” option box and enter "2” in the ‘Value name’ field and enter “2" in the ‘Value’ field.

Check Contents

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" is set to "Enabled". Click the “Show…” box option and verify the ‘Value name’ field contains a value of “2” and the ‘Value’ field contains a “2". A value of “3” in the ‘Value’ field is more restrictive and also an acceptable value.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction

Criteria: If the value "2" is REG_SZ = 2 (or 3), this is not a finding.

Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments