Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.

An XCCDF Rule

Description

<VulnDiscussion>This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x3) Send all samples automatically</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213435r823042_rule
Severity: Medium
References: CCI-001170
Updated: about 1 year ago

This is applicable to unclassified systems. For other systems this is NA.

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" to "Enabled" and select "Send safe samples" from the drop-down box.

Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.

Description

Remediation - Manual Procedure