Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-213435 | WNDF-AV-000011 | SV-213435r823042_rule | CCI-001170 | medium |
| Description | ||||
| This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x3) Send all samples automatically | ||||
| STIG | Date | |||
| Microsoft Defender Antivirus Security Technical Implementation Guide | 2022-04-08 | |||
Details
Check Text (C-213435r823042_chk)
This is applicable to unclassified systems. For other systems this is NA.
Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" is set to "Enabled" and "Send safe samples" is selected from the drop-down box.
Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Spynet
Criteria: If the value "SubmitSamplesConsent" is REG_DWORD = 1, this is not a finding.
Fix Text (F-14658r823041_fix)
This is applicable to unclassified systems. For other systems this is NA.
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" to "Enabled" and select "Send safe samples" from the drop-down box.