CCE-46184-8Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-04 |
Turns off Windows Defender Real-Time Protection, and no more scans are scheduled.
If you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwanted software.
If you disable or do not configure this policy setting, by default Windows Defender runs and computers are scanned for spyware and other potentially unwanted software.
Vulnerability:
A malicious agent could implement malware on unprotected computers.
Counter Measure:
Configure this policy based on the security requirements for your organization.
Potential Impact:
Depending on configuration, users may be unable to select a malware protection program other than Windows Defender.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows DefenderTurn off Windows Defender
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows Defender!DisableAntiSpyware
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn off Windows Defender
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender!DisableAntiSpyware
CCSS Severity: | CCSS Metrics: |
CCSS Score : 9.8 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40313 |