19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'

Information

This policy setting manages the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified.

The recommended state for this setting is: Enabled.

Note: An updated antivirus program must be installed for this policy setting to function properly.

Rationale:

Antivirus programs that do not perform on-access checks may not be able to scan downloaded files.

Impact:

Windows tells the registered antivirus program(s) to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

User Configuration\Policies\Administrative Templates\Windows Components\Attachment Manager\Notify antivirus programs when opening attachments

Note: This Group Policy path is provided by the Group Policy template AttachmentManager.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Default Value:

Disabled. (Windows does not call the registered antivirus program(s) when file attachments are opened.)

See Also

https://workbench.cisecurity.org/benchmarks/14249

Item Details

Category: ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-4(8), 800-53|SI-3, CCE|CCE-33799-8, CSCv7|7.9, CSCv7|7.10, CSCv7|8.1, CSCv7|8.2

Plugin: Windows

Control ID: 5f694cad5017f53c07963bf3af2a7d8c2a81156547b1df9ff731584a47835563