CSCv7|8.1

Title

Utilize Centrally Managed Anti-malware Software

Description

Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.9 Ensure anti-virus is installed and running	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
1.11 Ensure anti-virus is installed and running	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.11 Ensure host-based intrusion detection tool is used - MFEhiplsm package	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
1.11 Ensure host-based intrusion detection tool is used - MFEhiplsm process	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
1.11.1 Ensure 'Configure Microsoft Defender SmartScreen' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.0
1.11.1 Ensure 'Configure Microsoft Defender SmartScreen' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.1
1.11.2 Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.0
1.11.2 Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.1
1.11.3 Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.1
1.11.3 Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.0
1.11.4 Ensure 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.0
1.11.4 Ensure 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.1
1.11.5 Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.0
1.11.5 Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.0.1
1.12 Ensure host-based intrusion detection tool is used - mcafeetp package	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.12 Ensure host-based intrusion detection tool is used - mfetpd process	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.0 L1 Domain Controller
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.42.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.0 L1 Member Server
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.0 L1 Domain Controller
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.42.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server

Detections

Analytics

CSCv7|8.1

Title

Description

Reference Item Details

Audit Items