19.7.5.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'

Information

This policy setting manages the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified.

The recommended state for this setting is: Enabled

Note: An updated antivirus program must be installed for this policy setting to function properly.

Antivirus programs that do not perform on-access checks may not be able to scan downloaded files.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

User Configuration\Policies\Administrative Templates\Windows Components\Attachment Manager\Notify antivirus programs when opening attachments

Note: This Group Policy path is provided by the Group Policy template AttachmentManager.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Impact:

Windows tells the registered antivirus program(s) to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
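One way to audit the setting on a host, shown as an added example that is not part of the benchmark text. It assumes the policy is stored per user as the REG_DWORD ScanWithAntiVirus with value 3 under Software\Microsoft\Windows\CurrentVersion\Policies\Attachments; this page does not state that registry location, so confirm it against the benchmark document before relying on the result.

```powershell
# Added audit sketch, not taken from the benchmark.
# Assumption (not stated on this page): "Enabled" is stored as
# REG_DWORD ScanWithAntiVirus = 3 under each user's Policies\Attachments key.
$subKey   = 'Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$valName  = 'ScanWithAntiVirus'
$expected = 3

# This is a User Configuration policy, so it lands in per-user hives.
# Only hives currently loaded under HKEY_USERS (logged-on users) are visible;
# run elevated to read hives belonging to other users.
# The filter keeps domain/local (S-1-5-21-*) and Entra ID (S-1-12-1-*) user SIDs
# and skips the *_Classes hives and built-in service accounts.
$results = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
    ForEach-Object {
        $sid  = $_.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$subKey"

        # A missing key or value means the policy is not configured for that user.
        $item   = Get-ItemProperty -Path $path -Name $valName -ErrorAction SilentlyContinue
        $actual = $null
        if ($null -ne $item) { $actual = $item.$valName }

        $shown = '<not set>'
        if ($null -ne $actual) { $shown = $actual }

        [pscustomobject]@{
            Sid       = $sid
            Value     = $shown
            Compliant = ($actual -eq $expected)
        }
    }

if (-not $results) {
    Write-Warning 'No user hives are loaded; nothing could be checked.'
    exit 2
}

$results | Format-Table -AutoSize

# Exit 1 if any loaded profile lacks the recommended value, 0 otherwise,
# so the script can feed a scheduled compliance job.
if ($results.Compliant -contains $false) { exit 1 } else { exit 0 }
```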

See Also

https://workbench.cisecurity.org/benchmarks/17689

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.1

Plugin: Windows

Control ID: 403641b0d34ede3723256ba2bbbc1edee8231f68e271b5969139b99efb083111