Title

Windows Defender AV must be configured to scan all downloaded files and attachments. (Cat II impact)

Discussion

This policy setting allows you to configure scanning for all downloaded files and attachments. If you enable or do not configure this setting scanning for all downloaded files and attachments will be enabled. If you disable this setting scanning for all downloaded files and attachments will be disabled.

Check Content

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Scan all downloaded files and attachments" is set to "Enabled" or "Not Configured". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection Criteria: If the value "DisableIOAVProtection" is REG_DWORD = 0, this is not a finding. If the value does not exist, this is not a finding. If the value is 1, this is a finding.

Fix Text

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Scan all downloaded files and attachments" to "Enabled" or "Not Configured".

Additional Identifiers

Rule ID: SV-213444r569189_rule

Vulnerability ID: V-213444

Group Title: SRG-APP-000209

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.