CSCv7|8.2

Title

Ensure Anti-Malware Software and Signatures are Updated

Description

Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
18.4.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.4.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.8.14.2 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Not Configured' or 'Enabled with anything except ALL'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
18.8.14.2 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Not Configured' or 'Enabled with anything except ALL'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
18.9.45.11.2 Ensure 'Turn on e-mail scanning' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.9.45.11.2 Ensure 'Turn on e-mail scanning' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.45.11.2 Ensure 'Turn on e-mail scanning' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
18.9.45.14 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.9.45.14 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.45.14 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows Server 2019 MS L1 v1.2.0
18.9.45.14 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows Server 2019 DC L1 v1.2.0
18.9.45.15 Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
18.9.45.15 Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.9.45.15 Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 DC L1 v1.2.0

Detections

Analytics

CSCv7|8.2

Title

Description

Reference Item Details

Audit Items