22.30 (L1) Ensure 'Quick Scan Include Exclusions' is set to '1'

Information

This policy setting manages whether or not Microsoft Defender Antivirus scans excluded files and directories when running a Quick Scan.

The recommended state for this setting is: If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan

Note: As of the publication of this Benchmark, the setting configuration state in Intune is the sentence above after

The recommended state for this setting is:

and not

1

as the title states. This was done to keep title length to a minimum.

The Real-time Protection feature excludes some files and directories for contextual reasons. This setting ensures that these are scanned during a Quick Scan.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan

Defender\Quick Scan Include Exclusions

Impact:

A Quick Scan could take longer when including the contextually excluded files and directories.

See Also

https://workbench.cisecurity.org/benchmarks/21767

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.1

Plugin: Windows

Control ID: 60de16ce060be8af8e3313ff819c2957ae082a1fe33dc2aa1aefd6f0e9278f70