STIG ID: WN16-00-000120 | SRG: SRG-OS-000480-GPOS-00227 | Severity: high | CCI: | Vulnerability Id: V-224829
Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.
If no anti-virus software is in use, install Windows Defender or third-party anti-virus.
Open "PowerShell".
Enter "Install-WindowsFeature -Name Windows-Defender”
For third-party anti-virus, install per anti-virus instructions and disable Windows Defender.
Open "PowerShell".
Enter “Uninstall-WindowsFeature -Name Windows-Defender”.
Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.
If there is no anti-virus solution installed on the system, this is a finding.
Verify if Windows Defender is in use or enabled:
Open "PowerShell".
Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName”
Verify if third-party anti-virus is in use or enabled:
Open "PowerShell".
Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName”
Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”