Details

Enable Windows Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams exploit-hosting sites and other malicious content on the Internet.

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Network Protection -> ‘Prevent users and apps from accessing dangerous websites’ to ‘Enabled’ and select ‘Block’ in the drop down box.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Defender_Antivirus_V2R3_STIG.ziphttps://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Defender_Antivirus_V2R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-18(4)
• CAT|II
• CCI|CCI-001170
• Rule-ID|SV-213463r569189_rule
• STIG-ID|WNDF-AV-000039
• STIG-Legacy|SV-92675
• STIG-Legacy|V-77979
• Vuln-ID|V-213463

Source

• Tenable.com/audits