Microsoft Defender AV spyware definition age must not exceed 7 days. (Cat I impact)
This policy setting allows defining the number of days that must pass before spyware definitions are considered out of date. If definitions are determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default this value is set to 14 days. If this setting is enabled, spyware definitions will be considered out of date after the number of days specified have passed without an update. If this setting is disabled or not configured, spyware definitions will be considered out of date after the default number of days have passed without an update.
Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Security Intelligence Updates >> "Define the number of days before spyware security intelligence considered out of date" is set to "Enabled" and "7" or less is selected in the drop-down box (excluding "0", which is unacceptable). If third-party antispyware is installed and up to date, the Windows Defender AV spyware age requirement will be NA. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates Criteria: If the value "ASSignatureDue" is REG_DWORD = 7, this is not a finding. A value of 1 - 6 is also acceptable and not a finding. A value of 0 is a finding. A value higher than 7 is a finding.
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> Signature Updates >> "Define the number of days before spyware definitions are considered out of date" to "Enabled" and select "7" or less in the drop-down box. Do not select a value of 0. This disables the option.
Rule ID: SV-213452r823073_rule
Vulnerability ID: V-213452
Group Title: SRG-APP-000276
The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.
Malicious Code Protection