1.17 Ensure 'Control whether exclusions are visible to local users' is set to 'Enabled'

Information

This policy setting controls whether Microsoft Defender Antivirus exclusions are visible to local users on the system.

The recommended state for this setting is: Enabled.

Warning: This setting requires at least Microsoft Defender for Endpoint Plan 1 (Foundational enterprise endpoint protection) to function. If Plan 1 is not in use, an exception to this recommendation is required.

Only administrators should be able to view and manage Microsoft Defender Antivirus exclusions.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Control whether exclusions are visible to local users

Note: This Group Policy path is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 11 Release 24H2 Administrative Templates (or newer).

Impact:

Local users will not be able to view Microsoft Defender Antivirus exclusions.

Item Details

Audit Name: CIS Microsoft Defender Antivirus v1.0.0 L1 Server

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.1

Plugin: Windows

Control ID: 4d49bf43b97ea2e82dd012238369816fda3ae17e5fbf05fc775be36fc92f43ff

Detections

Analytics

1.17 Ensure 'Control whether exclusions are visible to local users' is set to 'Enabled'

Information

Solution

See Also

Item Details