An error occurred:

Check: WNDF-AV-000029

Microsoft Defender Antivirus STIG: WNDF-AV-000029 (in versions v2 r3 through v1 r9)

Title

Windows Defender AV virus definition age must not exceed 7 days. (Cat I impact)

Discussion

This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date. If definitions are determined to be out of date this state may trigger several additional actions including falling back to an alternative update source or displaying a warning icon in the user interface. By default this value is set to 14 days. If you enable this setting virus definitions will be considered out of date after the number of days specified have passed without an update. If you disable or do not configure this setting virus definitions will be considered out of date after the default number of days have passed without an update.

Check Content

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Signature Updates -> "Define the number of days before virus definitions are considered out of date" is set to "Enabled" and "7" or less selected in the drop down box (excluding "0", which is unacceptable). If third-party antivirus protection is installed and up to date, the Windows Defender Antivirus age requirement is N/A. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates Criteria: If the value "AVSignatureDue" is REG_DWORD = 7, this is not a finding. A value of 1 - 6 is also acceptable and not a finding. A value of 0 is a finding. A value higher than 7 is a finding.

Fix Text

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Signature Updates -> "Define the number of days before virus definitions are considered out of date" to "Enabled" and select "7" or less in the drop down box. Do not select a value of 0. This disables the option.

Additional Identifiers

Rule ID: SV-213453r569189_rule

Vulnerability ID: V-213453

Group Title: SRG-APP-000276

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001240

The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection