| DISA_STIG_Windows_Defender_Antivirus_v2r3.audit from DISA Microsoft Windows Defender Antivirus v2r3 STIG | |
| WNDF-AV-000001 - Windows Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature - PUA feature. | CONFIGURATION MANAGEMENT |
| WNDF-AV-000003 - Windows Defender AV must be configured to automatically take action on all detected tasks. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000004 - Windows Defender AV must be configured to run and scan for malware and other potentially unwanted software. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000005 - Windows Defender AV must be configured to not exclude files for scanning. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000006 - Windows Defender AV must be configured to not exclude files opened by specified processes. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000007 - Windows Defender AV must be configured to enable the Automatic Exclusions feature. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000008 - Windows Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS. | CONFIGURATION MANAGEMENT |
| WNDF-AV-000009 - Windows Defender AV must be configured to check in real time with MAPS before content is run or accessed. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000010 - Windows Defender AV must be configured to join Microsoft MAPS. | ACCESS CONTROL |
| WNDF-AV-000011 - Windows Defender AV must be configured to only send safe samples for MAPS telemetry. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000012 - Windows Defender AV must be configured for protocol recognition for network protection. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000013 - Windows Defender AV must be configured to not allow local override of monitoring for file and program activity. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000014 - Windows Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000015 - Windows Defender AV must be configured to not allow override of scanning for downloaded files and attachments. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000016 - Windows Defender AV must be configured to not allow override of behavior monitoring. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000017 - Windows Defender AV Group Policy settings must take priority over the local preference settings. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000018 - Windows Defender AV must monitor for incoming and outgoing files. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000019 - Windows Defender AV must be configured to monitor for file and program activity. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000020 - Windows Defender AV must be configured to scan all downloaded files and attachments. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000021 - Windows Defender AV must be configured to always enable real-time protection. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000022 - Windows Defender AV must be configured to enable behavior monitoring. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000023 - Windows Defender AV must be configured to process scanning when real-time protection is enabled. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000024 - Windows Defender AV must be configured to scan archive files. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000025 - Windows Defender AV must be configured to scan removable drives. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000026 - Windows Defender AV must be configured to perform a weekly scheduled scan. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000027 - Windows Defender AV must be configured to turn on e-mail scanning. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000028 - Windows Defender AV spyware definition age must not exceed 7 days. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000029 - Windows Defender AV virus definition age must not exceed 7 days. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000030 - Windows Defender AV must be configured to check for definition updates daily. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000031 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe - 5>2 | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000031 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe - Enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000032 - Windows Defender AV must be configured to block executable content from email client and webmail. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000033 - Windows Defender AV must be configured block Office applications from creating child processes. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000034 - Windows Defender AV must be configured block Office applications from creating executable content. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000035 - Windows Defender AV must be configured to block Office applications from injecting into other processes. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000036 - Windows Defender AV must be configured to impede JavaScript and VBScript to launch executables. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000037 - Windows Defender AV must be configured to block execution of potentially obfuscated scripts. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000038 - Windows Defender AV must be configured to block Win32 imports from macro code in Office. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000039 - Windows Defender AV must be configured to prevent user and apps from accessing dangerous websites. | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000040 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level High - 4>2 | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000040 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level High - Enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000041 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium - 2>2 | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000041 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium - Enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000042 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Low - 1>2 | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000042 - Windows Defender AV must be configured for automatic remediation action to be taken for threat alert level Low - Enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
