mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
CIS_WIN_18.9.47.9.x (#10791)
This commit is contained in:
Sharon Katz
GitHub
parent
4510cb2bc8
commit
5f42f39019
1 changed files with 141 additions and 0 deletions
|
|
@ -5500,6 +5500,147 @@ spec:
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This policy setting configures scanning for all downloaded files and attachments.
|
||||
The recommended state for this setting is: Enabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-Time Protection\Scan all downloaded files and attachments'
|
||||
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.1
|
||||
contributors: sharon-fdm
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Turn off real-time protection' is set to 'Disabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This policy setting configures real-time protection prompts for known malware detection.
|
||||
Microsoft Defender Antivirus alerts you when malware or potentially unwanted software attempts to install itself or to run on your computer.
|
||||
The recommended state for this setting is: Disabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Disabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-Time Protection\Turn off real- time protection'
|
||||
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.2
|
||||
contributors: sharon-fdm
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Turn on behavior monitoring' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This policy setting allows you to configure behavior monitoring for Microsoft Defender Antivirus.
|
||||
The recommended state for this setting is: Enabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-Time Protection\Turn on behavior monitoring'
|
||||
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.3
|
||||
contributors: sharon-fdm
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Turn on script scanning' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This policy setting allows script scanning to be turned on/off. Script scanning intercepts scripts then scans them before they are executed on the system.
|
||||
The recommended state for this setting is: Enabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-Time Protection\Turn on script scanning'
|
||||
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableScriptScanning' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.4
|
||||
contributors: sharon-fdm
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Configure Watson events' is set to 'Disabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This policy setting allows you to configure whether or not Watson events are sent.
|
||||
The recommended state for this setting is: Disabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Disabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Reporting\Configure Watson events'
|
||||
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Reporting\\DisableGenericRePorts' AND data = 1);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.11.1
|
||||
contributors: sharon-fdm
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Scan removable drives' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
|
||||
The recommended state for this setting is: Enabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Scan removable drives'
|
||||
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Scan\\DisableRemovableDriveScanning' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.12.1
|
||||
contributors: sharon-fdm
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Turn on e-mail scanning' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac).
|
||||
The recommended state for this setting is: Enabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Turn on e-mail scanning'
|
||||
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Scan\\DisableEmailScanning' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.12.2
|
||||
contributors: sharon-fdm
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'
|
||||
|
|
|
|||
Loading…
Reference in a new issue