Title

Microsoft Defender AV must be configured to scan all downloaded files and attachments. (Cat II impact)

Discussion

This policy setting allows configuration of scanning for all downloaded files and attachments. If this setting is enabled or not configured, scanning for all downloaded files and attachments will be enabled. If this setting is disabled, scanning for all downloaded files and attachments will be disabled.

Check Content

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Real-time Protection >> "Scan all downloaded files and attachments" is set to "Enabled" or "Not Configured". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection Criteria: If the value "DisableIOAVProtection" is REG_DWORD = 0, this is not a finding. If the value does not exist, this is not a finding. If the value is 1, this is a finding.

Fix Text

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Real-time Protection >> "Scan all downloaded files and attachments" to "Enabled" or "Not Configured".

Additional Identifiers

Rule ID: SV-213444r823060_rule

Vulnerability ID: V-213444

Group Title: SRG-APP-000209

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.