Windows Defender AV must be configured to enable the Automatic Exclusions feature.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-75159	WNDF-AV-000007	SV-89839r2_rule		Medium

Description
Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.

STIG	Date
MS Windows Defender Antivirus Security Technical Implementation Guide	2020-05-12

Details

Check Text ( C-74951r2_chk )
Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions Criteria: If the value "DisableAutoExclusions" is REG_DWORD = 0, this is not a finding.

Check Text ( C-74951r2_chk )

Verify the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" is set to "Disabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions

Criteria: If the value "DisableAutoExclusions" is REG_DWORD = 0, this is not a finding.

Fix Text (F-81771r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" to "Disabled".