CSCv7|8.1

Title

Utilize Centrally Managed Anti-malware Software

Description

Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers.

Reference Item Details

Category: Malware Defenses

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.11 Ensure anti-virus is installed and running | Unix | CIS Amazon Linux 2 STIG v2.0.0 STIG |
| 1.11 Ensure anti-virus is installed and running | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.12 Ensure host-based intrusion detection tool is used | Unix | CIS Amazon Linux 2 STIG v2.0.0 STIG |
| 1.12 Ensure host-based intrusion detection tool is used - mcafeetp package | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.12 Ensure host-based intrusion detection tool is used - mfetpd process | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 18.10.42.4.1 Ensure 'Enable EDR in block mode' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.4.1 Ensure 'Enable EDR in block mode' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.7.1 (L1) Ensure 'Enable file hash computation feature' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.7.1 Ensure 'Enable file hash computation feature' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.7.1 Ensure 'Enable file hash computation feature' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.8.1 Ensure 'Convert warn verdict to block' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L2 |
| 18.10.42.8.1 Ensure 'Convert warn verdict to block' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L2 BL |
| 18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.10.1 Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.10.1 Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.10.2 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.10.2 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.10.3 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.10.3 Ensure 'Turn off real-time protection' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.10.3 Ensure 'Turn off real-time protection' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.10.4 (L1) Ensure 'Turn on script scanning' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.10.4 Ensure 'Turn on behavior monitoring' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.10.4 Ensure 'Turn on behavior monitoring' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.10.5 Ensure 'Turn on script scanning' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.10.5 Ensure 'Turn on script scanning' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.11.1.1.1 Ensure 'Configure Brute-Force Protection aggressiveness' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L2 BL |
| 18.10.42.11.1.1.1 Ensure 'Configure Brute-Force Protection aggressiveness' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L2 |
| 18.10.42.11.1.1.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.11.1.1.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.11.1.2.1 Ensure 'Configure how aggressively Remote Encryption Protection blocks threats' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L2 BL |
| 18.10.42.11.1.2.1 Ensure 'Configure how aggressively Remote Encryption Protection blocks threats' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L2 |
| 18.10.42.13.1 Ensure 'Scan excluded files and directories during quick scans' is set to 'Enabled: 1' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.13.1 Ensure 'Scan excluded files and directories during quick scans' is set to 'Enabled: 1' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.13.3 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.13.4 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.13.4 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.13.5 Ensure 'Turn on e-mail scanning' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.13.5 Ensure 'Turn on e-mail scanning' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.42.17 (L1) Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 18.10.42.17 Ensure 'Control whether exclusions are visible to local users' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 |
| 18.10.42.17 Ensure 'Control whether exclusions are visible to local users' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v5.0.0 L1 BL |
| 18.10.43.10.1 (L1) Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 |
| 18.10.43.10.1 (L1) Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG |
| 18.10.43.10.1 (L1) Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS |
| 18.10.43.10.1 (L1) Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS |
| 18.10.43.10.1 (L1) Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC |