18.9.77.10.1 (L1) Ensure 'Scan removable drives' is set to 'Enabled'

Information

This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
The recommended state for this setting is: Enabled.

Rationale:
It is important to ensure that any present removable drives are always included in any type of scan, as removable drives are more likely to contain malicious software brought in to the enterprise managed environment from an external, unmanaged computer.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Antivirus\Scan\Scan removable drives
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).

Impact:
Removable drives will be scanned during any type of scan by Windows Defender Antivirus.

Default Value:
Disabled. (Removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.)

References:
1. CCE-33888-9

See Also

https://workbench.cisecurity.org/benchmarks/14249

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv6|13, CSCv7|8.4

Plugin: Windows

Control ID: d7194903995f4c33884e7732dd45d1c330dde1023711289de76570b0ba66fca8