UCF STIG Viewer Logo

Microsoft Defender AV must be configured to prevent user and apps from accessing dangerous websites.


Overview

Finding ID Version Rule ID IA Controls Severity
V-213463 WNDF-AV-000039 SV-213463r823095_rule Medium
Description
Enable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the internet.
STIG Date
Microsoft Defender Antivirus Security Technical Implementation Guide 2022-04-08

Details

Check Text ( C-14688r820236_chk )
This setting is applicable starting with v1709 of Windows 10, it is NA for prior versions.

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Microsoft Defender Exploit Guard >> Network Protection >> "Prevent users and apps from accessing dangerous websites" is set to "Enabled” and "Block" is selected in the drop-down box.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection

Criteria: If the value "EnableNetworkProtection" is REG_DWORD = 1, this is not a finding.
Fix Text (F-14686r823094_fix)
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Windows Defender Exploit Guard >> Network Protection >> "Prevent users and apps from accessing dangerous websites" to "Enabled" and select "Block" in the drop-down box.