Details
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives such as USB flash drives when running a full scan. If you enable this setting removable drives will be scanned during any type of scan. If you disable or do not configure this setting removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
Solution
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> ‘Scan removable drives’ to ‘Enabled’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Maintenance.This control applies to the following type of system Windows.
References
- 800-53|MA-3(2)
- CAT|II
- CCI|CCI-000870
- Rule-ID|SV-213449r569189_rule
- STIG-ID|WNDF-AV-000025
- STIG-Legacy|SV-89915
- STIG-Legacy|V-75235
- Vuln-ID|V-213449