The Windows 11 system must use an antivirus program.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-253264 | WN11-00-000045 | SV-253264r1186372_rule | CCI-000366 | high |

Description
Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.

| STIG | Date |
| --- | --- |
| Microsoft Windows 11 Security Technical Implementation Guide | 2026-02-12 |
Related Frameworks
4 paths across 3 frameworks
NIST 800-53 (1 mapping)
CM-6
1.00
- DISA · V2R7 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (2 mappings)
3.4.1
1.00
- DISA · V2R7 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V2R7 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-000366
1.00
- DISA · V2R7 · disa_xccdf · related
Details
Check Text (C-253264r1186372_chk)
Verify an organizationally approved antivirus solution (Microsoft Defender Antivirus, for example) is installed on the system and in use.
Verify if Microsoft Defender Antivirus is in use or enabled:
Open PowerShell.
Enter: get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName
Verify third-party antivirus is in use or enabled:
Open PowerShell.
Enter: get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName
Enter: get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName
If there is no antivirus solution installed on the system, this is a finding.
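The three service queries above can be combined into one pass that also separates "installed" from "running". This is an added example, not part of the STIG text; the function name Test-AntivirusService, its result labels, and the sample service list are assumptions made for illustration.

```powershell
# Added example: evaluates the check text against a list of service objects.
# Test-AntivirusService is a hypothetical helper name, not part of the STIG.
function Test-AntivirusService {
    param(
        # Objects exposing Status and DisplayName; defaults to the live system.
        [object[]]$Services = (Get-Service),
        # Display-name patterns taken from the check text.
        [string[]]$Patterns = @('*Defender*', '*mcafee*', '*symantec*')
    )

    # Collect every service whose display name matches one of the patterns.
    $hits = @(foreach ($svc in $Services) {
        foreach ($p in $Patterns) {
            if ($svc.DisplayName -like $p) {
                [pscustomobject]@{
                    Status      = [string]$svc.Status
                    DisplayName = $svc.DisplayName
                    Pattern     = $p
                }
                break   # one row per service, even if several patterns match
            }
        }
    })
    $running = @($hits | Where-Object { $_.Status -eq 'Running' })

    # No match at all is the finding condition stated in the check text.
    # A match that is not running is flagged for manual review, because the
    # check asks for a solution that is "installed ... and in use".
    if ($running.Count -gt 0)   { $result = 'NotAFinding' }
    elseif ($hits.Count -gt 0)  { $result = 'Review: installed but not running' }
    else                        { $result = 'Finding' }

    [pscustomobject]@{ Result = $result; Matched = $hits; Running = $running }
}

# Constructed sample input (not captured from a real host).
$sample = @(
    [pscustomobject]@{ Status = 'Stopped'; DisplayName = 'Microsoft Defender Antivirus Service' }
    [pscustomobject]@{ Status = 'Running'; DisplayName = 'Print Spooler' }
)
Test-AntivirusService -Services $sample | Format-List

# Against the live system:
Test-AntivirusService | Format-List
```

The `*Defender*` pattern also matches the Windows Defender Firewall service, so read the Matched list and confirm an antivirus service is among the running entries before accepting the result.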
Fix Text (F-56667r828875_fix)
Install Microsoft Defender Antivirus or a third-party antivirus solution.