STIGQter STIGQter: STIG Summary: Microsoft Windows Server 2016 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

The Windows Server 2016 system must use an anti-virus program.

DISA Rule

SV-224829r569237_rule

Vulnerability Number

V-224829

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN16-00-000120

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

If no anti-virus software is in use, install Windows Defender or third-party anti-virus.

Open "PowerShell".

Enter "Install-WindowsFeature -Name Windows-Defender”

For third-party anti-virus, install per anti-virus instructions and disable Windows Defender.

Open "PowerShell".

Enter “Uninstall-WindowsFeature -Name Windows-Defender”.

Check Contents

Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.

If there is no anti-virus solution installed on the system, this is a finding.

Verify if Windows Defender is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName”

Verify if third-party anti-virus is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName”

Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”

Vulnerability Number

V-224829

Documentable

False

Rule Version

WN16-00-000120

Severity Override Guidance

Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.

If there is no anti-virus solution installed on the system, this is a finding.

Verify if Windows Defender is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName”

Verify if third-party anti-virus is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName”

Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”

Check Content Reference

M

Target Key

4205

Comments