CCE

CCE-44161-8

Platform: cpe:/o:microsoft:windows_10
Date: (C)2016-09-23   (M)2023-07-04



Disable: 'Allow antimalware service to remain running always'

This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled.

If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware definitions are disabled.

If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware definitions are disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware definitions are enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.

Counter Measure: Configure this setting depending on your organization's requirements.

Potential Impact: The antimalware service may be using outdated antivirus and antispyware definitions.


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Allow antimalware service to remain running always
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\ServiceKeepAlive

CCSS Severity:

CCSS Score: 2.5
Exploit Score: 1.0
Impact Score: 1.4
Severity: LOW
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CCSS Metrics:

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: LOW

References:
Resource Id: SCAP Repo OVAL Definition
Reference: oval:org.secpod.oval:def:35396


OVAL (1):
oval:org.secpod.oval:def:35396

XCCDF (2):
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_general_Windows_10

© SecPod Technologies