18.10.42.13.2 (L1) Ensure 'Scan removable drives' is set to 'Enabled'

Information

This policy setting manages whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.

The recommended state for this setting is: Enabled

It is important to ensure that any present removable drives are always included in any type of scan, as removable drives are more likely to contain malicious software brought in to the enterprise managed environment from an external, unmanaged computer.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Scan removable drives

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).

Impact:

Removable drives will be scanned during any type of scan by Microsoft Defender Antivirus.

See Also

https://workbench.cisecurity.org/benchmarks/16913

Item Details

Category: MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|MP-7, 800-53|SI-3, CSCv7|8.4

Plugin: Windows

Control ID: 4166344860dfc5c61814732f0d5d865b2b7d0b860994a8c399756f32b509aac5