Details

This rule blocks potentially malicious behavior by not allowing macro code to execute routines in the Win 32 dynamic link library (DLL).

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> ‘Configure Attack Surface Reduction rules’ to ‘Enabled’. Click ‘Show…’. Set the Value name to ’92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B’ and the Value to ‘1’.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Defender_Antivirus_V2R3_STIG.ziphttps://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Defender_Antivirus_V2R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-18(4)
• CAT|II
• CCI|CCI-001170
• Rule-ID|SV-213462r569189_rule
• STIG-ID|WNDF-AV-000038
• STIG-Legacy|SV-92673
• STIG-Legacy|V-77977
• Vuln-ID|V-213462

Source

• Tenable.com/audits