Check: WNDF-AV-000008
Microsoft Defender Antivirus STIG:
WNDF-AV-000008
(in version v2 r4)
Title
Microsoft Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS. (Cat II impact)
Discussion
This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If this setting is enabled, the local preference setting will take priority over Group Policy. If this setting is disabled or not configured, Group Policy will take priority over the local preference setting.
Check Content
This is applicable to unclassified systems. For other systems this is NA. Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Configure local setting override for reporting to Microsoft MAPS" is set to "Disabled" or "Not Configured". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Spynet Criteria: If the value "LocalSettingOverrideSpynetReporting" is REG_DWORD = 0, this is not a finding. If the value does not exist, this is not a finding. If the value is 1, this is a finding.
Fix Text
This is applicable to unclassified systems. For other systems this is NA. Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Configure local setting override for reporting to Microsoft MAPS" to "Disabled" or "Not Configured".
Additional Identifiers
Rule ID: SV-213432r823036_rule
Vulnerability ID: V-213432
Group Title: SRG-APP-000210
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |