Microsoft Windows Server 2019

Windows Server 2019 must use an anti-virus program

STIG ID: WN19-00-000110 | SRG: SRG-OS-000480-GPOS-00227 | Severity: High | CCI: CCI-000366 | Vulnerability ID: V-205850

Description

Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.

Check

C-6115r603166_chk

Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.If there is no anti-virus solution installed on the system, this is a finding.Verify if Windows Defender is in use or enabled:Open "PowerShell".Enter “get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName”Verify if third-party anti-virus is in use or enabled:Open "PowerShell".Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName”Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName”

Fix

F-6115r603168_fix

If no anti-virus software is in use, install Windows Defender or third-party anti-virus.Open "PowerShell".Enter "Install-WindowsFeature -Name Windows-Defender”.For third-party anti-virus, install per anti-virus instructions and disable Windows Defender.Open "PowerShell".Enter "Uninstall-WindowsFeature -Name Windows-Defender”.