18.10.43.7.1 (L2) Ensure 'Enable file hash computation feature' is set to 'Enabled'

Information

This setting determines whether hash values are computed for files scanned by Microsoft Defender.

The recommended state for this setting is: Enabled

When running an antivirus solution such as Microsoft Defender Antivirus, it is important to ensure that it is configured to monitor for suspicious and known malicious activity. File hashes are a reliable way of detecting changes to files, and can speed up the scan process by skipping files that have not changed since they were last scanned and determined to be safe. A changed file hash can also be cause for additional scrutiny.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine\Enable file hash computation feature

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 10 Release 2004 Administrative Templates (or newer).

Impact:

This setting could cause performance degradation during initial deployment and for users where new executable content is frequently being created (such as software developers), or where applications are frequently installed or updated.

For more information on this setting, please visit

Security baseline (FINAL): Windows 10 and Windows Server, version 2004 - Microsoft Tech Community - 1543631

.

Note: The impact of this setting should be monitored closely during deployment to ensure user and system performance impact is within acceptable limits.

See Also

https://workbench.cisecurity.org/benchmarks/15105

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.1

Plugin: Windows

Control ID: eb623f973ca55630b784db248bd5c5ef8af899f08a7d01560e273c3250a7114f