21.6 (L1) Ensure 'Allow Script Scanning' is set to 'Allowed'

Information

This policy setting allows script scanning to be turned on/off. Script scanning intercepts scripts then scans them before they are executed on the system.

The recommended state for this setting is: Allowed

When running an antivirus solution such as Microsoft Defender Antivirus, it is important to ensure that it is configured to heuristically monitor in real-time for suspicious and known malicious activity.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Allowed

Defender\Allow Script Scanning

Impact:

None - this is the default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|8.1

Plugin: Windows

Control ID: 6c7c13aa94c94bf634ccccdf5cc227afd9061bb8876400a6af291eab9dabed13