Microsoft Defender AV must be configured to process scanning when real-time protection is enabled.
An XCCDF Rule
Description
<VulnDiscussion>This policy setting allows the configuration of process scanning when real-time protection is turned on. This helps to catch malware, which could start when real-time protection is turned off. If this setting is enabled or not configured, a process scan will be initiated when real-time protection is turned on. If this setting is disabled, a process scan will not be initiated when real-time protection is turned on.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-213447r823065_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Real-time Protection >> "Turn on process scanning whenever real-time protection is enabled" to "Enabled" or "Not Configured".