CCE-96760-4Platform: cpe:/o:microsoft:windows_11 | Date: (C)2022-05-07 (M)2023-07-04 |
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
If you enable this setting, removable drives will be scanned during any type of scan.
If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
Countermeasure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Scanning can impact performance.
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Scan\Scan removable drives
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Scan!DisableRemovableDriveScanning
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.3 | Attack Vector: PHYSICAL |
Exploit Score: 0.4 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:79552 |