CCE-45337-3Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-04 |
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
If you enable this setting, removable drives will be scanned during any type of scan.
If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
Vulnerability:
Disabling or not configuring this setting can compromise security as removable drives will not be scanned, which may allow a malicious agent to exploit them for attacks and may be contrary to your organization's security requirements.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Scanning can impact performance.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows DefenderScanScan removable drives
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows DefenderScan!DisableRemovableDriveScanning
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Scan\Scan removable drives
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Scan!DisableRemovableDriveScanning
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.3 | Attack Vector: PHYSICAL |
Exploit Score: 0.4 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40339 |