CSCv7|8.2

Title

Ensure Anti-Malware Software and Signatures are Updated

Description

Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.1.6 Ensure the latest firmware is installed	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
2.5.2.1 Ensure Gatekeeper is Enabled	Unix	CIS Apple macOS 10.14 v2.0.0 L1
2.5.7 Ensure Gatekeeper Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.7 Ensure Gatekeeper Is Enabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.7 Ensure Gatekeeper Is Enabled	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
2.6.5 Ensure Gatekeeper Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma v1.0.0 L1
2.6.5 Ensure Gatekeeper Is Enabled	Unix	CIS Apple macOS 13.0 Ventura v2.0.0 L1
4.2.1 Ensure Antivirus Definition Push Updates are Configured	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
4.2.3 Enable Outbreak Prevention Database	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
4.2.4 Enable AI /heuristic based malware detection	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
4.2.5 Enable grayware detection on antivirus	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
5.10 Ensure XProtect Is Running and Updated	Unix	CIS Apple macOS 14.0 Sonoma v1.0.0 L1
5.11 Ensure XProtect Is Running and Updated	Unix	CIS Apple macOS 13.0 Ventura v2.0.0 L1
5.11 Ensure XProtect Is Running and Updated	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
5.11 Ensure XProtect Is Running and Updated	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
7.6 Ensure that Endpoint Protection for all Virtual Machines is installed	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
18.4.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.77.3.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.77.3.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.77.7.1 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.77.10.2 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.77.10.2 Ensure 'Turn on e-mail scanning' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.77.14 (L1) Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.77.14 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
19.7.4.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1

Detections

Analytics

CSCv7|8.2

Title

Description

Reference Item Details

Audit Items