Microsoft Defender AV must be configured to prevent user and apps from accessing dangerous websites.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-213463 | WNDF-AV-000039 | SV-213463r823095_rule | CCI-001170 | medium |
| Description | ||||
| Enable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the internet. | ||||
| STIG | Date | |||
| Microsoft Defender Antivirus Security Technical Implementation Guide | 2022-04-08 | |||
Details
Check Text (C-213463r823095_chk)
This setting is applicable starting with v1709 of Windows 10, it is NA for prior versions.
Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Microsoft Defender Exploit Guard >> Network Protection >> "Prevent users and apps from accessing dangerous websites" is set to "Enabled” and "Block" is selected in the drop-down box.
Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
Criteria: If the value "EnableNetworkProtection" is REG_DWORD = 1, this is not a finding.
Fix Text (F-14686r823094_fix)
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Windows Defender Exploit Guard >> Network Protection >> "Prevent users and apps from accessing dangerous websites" to "Enabled" and select "Block" in the drop-down box.