Detections
Analytics

Turn on process scanning whenever real-time protection is enabled

Information

This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off. If you enable or do not configure this setting a process scan will be initiated when real-time protection is turned on. If you disable this setting a process scan will not be initiated when real-time protection is turned on.

Solution

Policy Path: Windows Components\Microsoft Defender Antivirus\Real-time Protection
Policy Setting Name: Turn on process scanning whenever real-time protection is enabled

See Also

https://techcommunity.microsoft.com/blog/microsoft-security-baselines/windows-11-version-25h2-security-baseline/4456231

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1.

Plugin: Windows

Control ID: b6542280d662d4da8df11a7a00a4a58e3a91dd41f429419608c99fc89ec0cfd4