CCE-98645-5Platform: cpe:/o:microsoft:windows_10 | Date: (C)2022-07-05 (M)2023-07-04 |
This policy setting turns off Microsoft Defender Antivirus.
If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.
If you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product.
If you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.
Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Defender AntivirusTurn off Microsoft Defender Antivirus
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows Defender!DisableAntiSpyware
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Turn off Microsoft Defender Antivirus
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender!DisableAntiSpyware
CCSS Severity: | CCSS Metrics: |
CCSS Score : 9.8 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:81826 |