DISA STIGS Viewer

Finding ID	Version	Rule ID	IA Controls	Severity
V-213450	WNDF-AV-000026	SV-213450r823070_rule		Medium

Description

This policy setting allows specifying the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all. This setting can be configured with the following ordinal number values: (0x0) Every Day (0x1) Sunday (0x2) Monday (0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) If this setting is enabled, a scheduled scan will run at the frequency specified. If this setting is disabled or not configured, a scheduled scan will run at a default frequency.

STIG	Date
Microsoft Defender Antivirus Security Technical Implementation Guide	2022-04-08

Check Text (C-14675r820197_chk)

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Scan >> "Specify the day of the week to run a scheduled scan" is set to "Enabled" and anything other than "Never" is selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Scan Criteria: If the value "ScheduleDay" is REG_DWORD = 0x8, this is a finding. Values of 0x0 through 0x7 are acceptable and not a finding.

Fix Text (F-14673r823069_fix)

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Scan >> "Specify the day of the week to run a scheduled scan" to "Enabled " and select anything other than "Never" in the drop-down box.