19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'

Information

This policy setting manages the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified.

The recommended state for this setting is: 'Enabled'.

Note: An updated antivirus program must be installed for this policy setting to function properly.

Rationale:
Antivirus programs that do not perform on-access checks may not be able to scan downloaded files.

Solution

To establish the recommended configuration via GP, set the following UI path to 'Enabled':


User Configuration\Policies\Administrative Templates\Windows Components\Attachment Manager\Notify antivirus programs when opening attachments


Note: This Group Policy path is provided by the Group Policy template 'AttachmentManager.admx/adml' that is included with all versions of the Microsoft Windows Administrative Templates.

Impact:
Windows tells the registered antivirus program(s) to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
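
One way to audit this setting on an endpoint, as an added example that is not part of the benchmark text. The registry location and data used here (DWORD 'ScanWithAntiVirus' = 3 under the per-user Policies\Attachments key) do not appear on this page and are assumed from Microsoft's Attachment Manager documentation; the function name Get-AttachmentAvPolicy is hypothetical.

```powershell
# Added example: audit 'Notify antivirus programs when opening attachments'
# for every user hive currently loaded under HKEY_USERS.
# Assumption (not stated on this page): the policy is stored as the DWORD
# ScanWithAntiVirus, where 3 = Enabled, 1 = Off, 2 = Optional.
$SubKey    = 'Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$ValueName = 'ScanWithAntiVirus'

function Get-AttachmentAvPolicy {
    param([Parameter(Mandatory)][string]$HiveRoot)   # e.g. 'Registry::HKEY_USERS\<SID>'

    $path  = "$HiveRoot\$SubKey"
    $value = $null
    if (Test-Path -LiteralPath $path) {
        $item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
        if ($item) { $value = $item.$ValueName }
    }

    # A missing key or value means the policy was never applied to this user.
    if ($null -eq $value)  { $state = 'Not configured' }
    elseif ($value -eq 3)  { $state = 'Enabled' }
    else                   { $state = "Non-compliant (value $value)" }

    [pscustomobject]@{
        Hive      = $HiveRoot
        Value     = $value
        State     = $state
        Compliant = ($value -eq 3)
    }
}

# This is a User Configuration policy, so it must be checked per user.
# Only hives of logged-on users are loaded; reading other users' hives
# requires an elevated session. The '_Classes' hives are skipped.
$results = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
    ForEach-Object { Get-AttachmentAvPolicy -HiveRoot $_.PSPath }

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled compliance job flag the host.
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```

A user whose hive reports 'Not configured' has not received the GPO; check the policy's scope and link before treating the value as drift.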

See Also

https://workbench.cisecurity.org/files/1937