Title

The Windows Server 2016 system must use an anti-virus program. (Cat I impact)

Discussion

Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.

Check Content

Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”

Fix Text

If no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”.

Additional Identifiers

Rule ID: SV-224829r991589_rule

Vulnerability ID: V-224829

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.