Microsoft Defender AV must be configured to block executable content from email client and webmail.

An XCCDF Rule

Details
Profiles

Description

This rule blocks the following file types from being run or launched from an email seen in either Microsoft Outlook or webmail (such as Gmail.com or Outlook.com): Executable files (such as .exe, .dll, or .scr) Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) Script archive files

ID: SV-213456r823081_rule
Version: WNDF-AV-000032
Severity: Medium
References: CCI-001170
Updated: 5 days ago

Remediation Templates

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Windows Defender Exploit Guard >> Attack Surface Reduction >> "Configure Attack Surface Reduction rules" to "Enabled". 

Click "Show...". Set the Value name to "BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550" and the Value to "1".

Microsoft Defender AV must be configured to block executable content from email client and webmail.

Description

Remediation Templates

A Manual Procedure