CSCv7|8.1

Title

Utilize Centrally Managed Anti-malware Software

Description

Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers.

Reference Item Details

Category: Malware Defenses

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.10.1 Ensure 'Configure monitoring for incoming and outgoing file and program activity' is set to 'Enabled: bi-directional (full on access)' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.1 Ensure 'Configure monitoring for incoming and outgoing file and program activity' is set to 'Enabled: bi-directional (full on access)' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.10.2 Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.10.2 Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.3 Ensure 'Monitor file and program activity on your computer' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.10.3 Ensure 'Monitor file and program activity on your computer' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.4 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.4 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.10.5 Ensure 'Turn off real-time protection' is set to 'Disabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.5 Ensure 'Turn off real-time protection' is set to 'Disabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.10.6 Ensure 'Turn on behavior monitoring' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.10.6 Ensure 'Turn on behavior monitoring' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.7 Ensure 'Turn on process scanning whenever real-time protection is enabled' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.7 Ensure 'Turn on process scanning whenever real-time protection is enabled' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.10.8 Ensure 'Turn on script scanning' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.10.8 Ensure 'Turn on script scanning' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.11 Ensure anti-virus is installed and running | Unix | CIS Amazon Linux 2 STIG v2.0.0 STIG |
| 1.11 Ensure anti-virus is installed and running | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.11.1.1.1 Ensure 'Configure Brute-Force Protection aggressiveness' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L2 Server |
| 1.11.1.1.1 Ensure 'Configure Brute-Force Protection aggressiveness' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L2 Workstation |
| 1.11.1.1.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.11.1.1.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.11.1.2.1 Ensure 'Configure how aggressively Remote Encryption Protection blocks threats' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L2 Server |
| 1.11.1.2.1 Ensure 'Configure how aggressively Remote Encryption Protection blocks threats' is set to 'Enabled: Medium' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L2 Workstation |
| 1.11.1.2.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.11.1.2.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.12 Ensure host-based intrusion detection tool is used | Unix | CIS Amazon Linux 2 STIG v2.0.0 STIG |
| 1.12 Ensure host-based intrusion detection tool is used - mcafeetp package | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.12 Ensure host-based intrusion detection tool is used - mfetpd process | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.13.1 Ensure 'Check for the latest virus and spyware security intelligence before running a scheduled scan' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.1 Ensure 'Check for the latest virus and spyware security intelligence before running a scheduled scan' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.2 Ensure 'Scan archive files' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.2 Ensure 'Scan archive files' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.3 Ensure 'Scan excluded files and directories during quick scans' is set to 'Enabled: 1' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.3 Ensure 'Scan excluded files and directories during quick scans' is set to 'Enabled: 1' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.6 Ensure 'Specify the day of the week to run a scheduled scan' is set to 'Enabled: 0' or higher, but not '8' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.6 Ensure 'Specify the day of the week to run a scheduled scan' is set to 'Enabled: 0' or higher, but not '8' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.7 Ensure 'Specify the scan type to use for a scheduled scan' is set to 'Enabled: Quick Scan (default)' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.7 Ensure 'Specify the scan type to use for a scheduled scan' is set to 'Enabled: Quick Scan (default)' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.8 Ensure 'Specify the time for a daily quick scan' is set to 'Enabled: 1' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.8 Ensure 'Specify the time for a daily quick scan' is set to 'Enabled: 1' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.9 Ensure 'Specify the time of day to run a scheduled scan' is set to 'Enabled: 1' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.9 Ensure 'Specify the time of day to run a scheduled scan' is set to 'Enabled: 1' or higher | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.10 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.13.10 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.11 Ensure 'Turn on e-mail scanning' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.13.11 Ensure 'Turn on e-mail scanning' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.14.1 Ensure 'Specify the interval to check for security intelligence updates' is set to 'Enabled: 4' or fewer, but not '0' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |
| 1.14.1 Ensure 'Specify the interval to check for security intelligence updates' is set to 'Enabled: 4' or fewer, but not '0' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation |
| 1.15.1 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled' | Windows | CIS Microsoft Defender Antivirus v1.0.0 L1 Server |