Microsoft Security Settings
If you are using Windows 10/11 Defender, you will need to have your anti-virus and anti-malware settings enabled. If you are using a 3rd party product, such as Symantec Endpoint Protection or AVG Anti-Virus protection, you will need to show the auditor equivalent settings that show that the computer is being protected with anti-virus/anti-malware software, the version information for the software and the virus definition files, the scan frequency, and a history showing the scans are being performed.
Windows 10/11 Defender Settings
To manage the Windows 10/11 Defender settings, launch the Windows Defender Security Center. You can click the Start menu button and then start typing Windows Defender Security Center and as you type you will see the program listed in the filtered search list. Click the Windows Defender Security Center app to start the application.
Option: Virus & Threat Protection / Threat History
| Setting | Value |
|---|---|
| Confirm files are being scanned. | Note Last Scan Date |
Option: Virus & Threat Protection / Virus & threat protection settings
| Setting | Value |
|---|---|
| Real-time protection. | On |
| Cloud-delivered protection. | On |
| Automatic sample submission. | Optional |
| Controlled folder access. (Default: None) | Optional |
| Exclusions. (Default: None) | Optional |
| Notifications | All On & Checked |
Option: Virus & Threat Protection / Virus & threat protection updates
| Setting | Value |
|---|---|
| Threat definition version. | Current |
| Version created on. | Current |
| Last update. | Current |
Option: Virus & Threat Protection / Ransomware Protection
| Setting | Value |
|---|---|
| Controlled folder access. | On |
Option: Firewall & Network Protection: (Default inbound/outbound rules are sufficient.)
| Setting | Value |
|---|---|
| Domain network. | On |
| Private network. | On |
| Public network. | On |
The following options are not managed in the Windows Defender Security Center
From the Start Menu, type Settings to launch the Windows Settings app.
Option: Personalization / Lock screen / Screen saver settings
| Setting | Value |
|---|---|
| Screen Saver: Wait time. | 10 minutes |
| Screen Saver: On resume, display logon screen. | On |
The following configuration item is still under review because it is only achievable using the gpedit console.
| Setting | Value |
|---|---|
| Scan archive files. | On |
| Scan removable drives. | On |
| Create a system restore point. | On |
| Allow all users to view the full History reports. | On |