WNDF-AV-000003 - Windows Defender AV must be configured to automatically take action on all detected tasks.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting allows you to configure whether Windows Defender automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action user-defined action and the signature-defined action. If you enable this policy setting Windows Defender does not automatically take action on the detected threats but prompts users to choose from the actions available for each threat. If you disable or do not configure this policy setting Windows Defender automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> 'Turn off routine remediation' to 'Disabled' or 'Not Configured'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Defender_Antivirus_V2R3_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CAT|II, CCI|CCI-001243, Rule-ID|SV-213427r569189_rule, STIG-ID|WNDF-AV-000003, STIG-Legacy|SV-89831, STIG-Legacy|V-75151, Vuln-ID|V-213427

Plugin: Windows

Control ID: c0f10ee82ec0f6404de7d76bc1751179ae2fc6bf53783753635110a1b509af83