CCE-44161-8 | Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Allow antimalware service to remain running always'
This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled.
If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware definitions are disabled.
If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware definitions are disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware definitions are enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
The antimalware service may be using outdated antivirus and antispyware definitions.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Allow antimalware service to remain running always
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\ServiceKeepAlive
| CCSS Severity | | CCSS Metrics | |
|---|---|---|---|
| CCSS Score | 2.5 | Attack Vector | LOCAL |
| Exploit Score | 1.0 | Attack Complexity | HIGH |
| Impact Score | 1.4 | Privileges Required | LOW |
| Severity | LOW | User Interaction | NONE |
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L | Scope | UNCHANGED |
| | | Confidentiality | NONE |
| | | Integrity | NONE |
| | | Availability | LOW |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35396 |