Configure Virus and Malware Protection settings in accordance with organizational standards.


CONTROL ID: 07906
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure "Turn on behavior monitoring" to organizational standards., CC ID: 15407
  • Configure "Turn off real-time protection" to organizational standards., CC ID: 15406
  • Configure "Scan all downloaded files and attachments" to organizational standards., CC ID: 15404
  • Configure "Scan removable drives" to organizational standards., CC ID: 15401
  • Configure "Configure Attack Surface Reduction rules: Set the state for each ASR rule" to organizational standards., CC ID: 15392
  • Configure "Join Microsoft MAPS" to organizational standards., CC ID: 15384
  • Configure "Configure detection for potentially unwanted applications" to organizational standards., CC ID: 15375
  • Configure "Turn off Microsoft Defender AntiVirus" to organizational standards., CC ID: 15371
  • Configure "Enable file hash computation feature" to organizational standards., CC ID: 15340
  • Configure the "Internet Explorer Processes" to organizational standards., CC ID: 07907
  • Configure the "Turn on the auto-complete feature for user names and passwords on forms" to organizational standards., CC ID: 07941
  • Configure the "Automatic prompting for file downloads" to organizational standards., CC ID: 07950
  • Configure the "Use SmartScreen Filter" to organizational standards., CC ID: 07952
  • Configure the "Run ActiveX controls and plugins" to organizational standards., CC ID: 07954
  • Configure the "Java permissions" to organizational standards., CC ID: 07969
  • Configure the "Use Pop-up Blocker" to organizational standards., CC ID: 07990
  • Configure the "Prevent Bypassing SmartScreen Filter Warnings" to organizational standards., CC ID: 07994
  • Configure the "Allow cut, copy or paste operations from the clipboard via script" to organizational standards., CC ID: 07997
  • Configure the "Allow software to run or install even if the signature is invalid" to organizational standards., CC ID: 08019
  • Configure the "Do not allow users to enable or disable add-ons" to organizational standards., CC ID: 08035
  • Configure the "Disable AutoComplete for forms" to organizational standards., CC ID: 08066
  • Configure the "Download unsigned ActiveX controls" to organizational standards., CC ID: 08073
  • Configure the "Scripting of Java applets" to organizational standards., CC ID: 08105
  • Configure the "Allow only approved domains to use ActiveX controls without prompt" to organizational standards., CC ID: 08374
  • Configure the "Prevent per-user installation of ActiveX controls" to organizational standards., CC ID: 08382
  • Configure the "Turn on Cross-Site Scripting Filter" to organizational standards., CC ID: 08395
  • Configure the "Turn on certificate address mismatch warning" to organizational standards., CC ID: 08410
  • Configure the "Show security warning for potentially unsafe files" to organizational standards., CC ID: 08412
  • Configure the "Turn on Protected Mode" to organizational standards., CC ID: 08471
  • Configure the "Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled" to organizational standards., CC ID: 08510
  • Configure the "Check for signatures on downloaded programs" to organizational standards., CC ID: 08584
  • Configure the "Specify use of ActiveX Installer Service for installation of ActiveX controls" to organizational standards., CC ID: 08587
  • Configure the "Prevent changing the URL for checking updates to Internet Explorer and Internet Tools" to organizational standards., CC ID: 08589
  • Configure the "Enable MIME Sniffing" to organizational standards., CC ID: 08591
  • Configure "Prevent downloading of enclosures" to organizational standards., CC ID: 08612


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Organizations should continuously monitor all images for embedded malware. The monitoring processes should include the use of malware signature sets and behavioral detection heuristics based largely on actual "in the wild" attacks. (4.1.3 ¶ 1, NIST SP 800-190, Application Container Security Guide)
  • Refer to applicable State IT Standards for additional AV software configuration and use requirements. (System Administrators and/or IT Managers ¶ 5, Policy 674: Virus Protection, 674-01)