Microsoft Defender Antivirus Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Microsoft Defender AV must be configured to scan all downloaded files and attachments.
<VulnDiscussion>This policy setting allows configuration of scanning for all downloaded files and attachments. If this setting is enabled or ...Rule Medium Severity -
SRG-APP-000278
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV must be configured to always enable real-time protection.
<VulnDiscussion>This policy setting turns off real-time protection prompts for known malware detection. Microsoft Defender Antivirus alerts ...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV must be configured to enable behavior monitoring.
<VulnDiscussion>This policy setting allows configuration of behavior monitoring. If this setting is enabled or not configured, behavior monit...Rule Medium Severity -
SRG-APP-000278
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV must be configured to process scanning when real-time protection is enabled.
<VulnDiscussion>This policy setting allows the configuration of process scanning when real-time protection is turned on. This helps to catch ...Rule Medium Severity -
SRG-APP-000278
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV must be configured to scan archive files.
<VulnDiscussion>This policy setting allows the configuration of scans for malicious software and unwanted software in archive files such as ....Rule Medium Severity -
SRG-APP-000073
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV must be configured to scan removable drives.
<VulnDiscussion>This policy setting allows the management of whether or not to scan for malicious software and unwanted software in the conte...Rule Medium Severity -
SRG-APP-000277
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV must be configured to perform a weekly scheduled scan.
<VulnDiscussion>This policy setting allows specifying the day of the week on which to perform a scheduled scan. The scan can also be configur...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV must be configured to turn on e-mail scanning.
<VulnDiscussion>This policy setting allows the configuration of e-mail scanning. When e-mail scanning is enabled, the engine will parse the m...Rule Medium Severity -
SRG-APP-000276
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV spyware definition age must not exceed 7 days.
<VulnDiscussion>This policy setting allows defining the number of days that must pass before spyware definitions are considered out of date. ...Rule High Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
Microsoft Defender AV virus definition age must not exceed 7 days.
<VulnDiscussion>This policy setting allows defining the number of days that must pass before virus definitions are considered out of date. If...Rule High Severity -
SRG-APP-000261
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.