WNDF-AV-000001 - Windows Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature - PUA feature.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

After enabling this feature, PUA protection blocking takes effect on endpoint clients after the next signature update or computer restart. Signature updates take place daily under typical circumstances. PUA will be blocked and automatically quarantined.

Solution

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> 'Configure Detection for Potentially Unwanted Applications' to 'Enabled' and 'Block'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Defender_Antivirus_V2R3_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(4), CAT|I, CCI|CCI-001243, Rule-ID|SV-213426r569189_rule, STIG-ID|WNDF-AV-000001, STIG-Legacy|SV-89827, STIG-Legacy|V-75147, Vuln-ID|V-213426

Plugin: Windows

Control ID: 177153e71767c8be8aecebaebc40f43f28dc2b7ecfed307d0b698ef6aca24883