WNDF-AV-000023 – Windows Defender AV must be configured to process scanning when real-time protection is enabled.

Details

This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off. If you enable or do not configure this setting a process scan will be initiated when real-time protection is turned on. If you disable this setting a process scan will not be initiated when real-time protection is turned on.

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> Turn on process scanning whenever real-time protection is enabled to ‘Enabled’ or ‘Not Configured’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Defender_Antivirus_V2R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.

References

800-53|SI-3c.1.
CAT|II
CCI|CCI-001242
Rule-ID|SV-213447r569189_rule
STIG-ID|WNDF-AV-000023
STIG-Legacy|SV-89911
STIG-Legacy|V-75231
Vuln-ID|V-213447

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles