18.10.42.13.1 (L1) Ensure 'Scan packed executables' is set to 'Enabled'

Information

This policy setting manages whether or not Microsoft Defender Antivirus scans packed executables. Packed executables are executable files that contain compressed code.

The recommended state for this setting is: Enabled

Packing compresses an executable into a smaller file and can make the code associated with the executable difficult to access and analyze. Bad actors commonly use packing to obfuscate malicious executables.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Scan packed executables

Note: This Group Policy path is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 and Server 2012 R2 Administrative Templates (or newer).

Impact:

None - This is the default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/17971

Item Details

Category: MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|MP-7, 800-53|SI-3, CSCv7|8.4

Plugin: Windows

Control ID: 9a300e2316420ed8382ba3d0c350b16d58a95af866ff2d15e573d22d9f406c6c