Microsoft Windows Server 2022

Windows Server 2022 must use an antivirus program

STIG ID: WN22-00-000110 | SRG: SRG-OS-000480-GPOS-00227 | Severity: Medium | CCI: CCI-000366 | Vulnerability ID: V-254248

Description

Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.

Check

C-57733r848558_chk

Verify an antivirus solution is installed on the system. The antivirus solution may be bundled with an approved host-based security solution.If there is no antivirus solution installed on the system, this is a finding.Verify if Microsoft Defender antivirus is in use or enabled:Open "PowerShell".Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName"Verify if third-party antivirus is in use or enabled:Open "PowerShell".Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayNameEnter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName

Fix

F-57684r848559_fix

If no antivirus software is in use, install Microsoft Defender or third-party antivirus.Open "PowerShell".Enter "Install-WindowsFeature -Name Windows-Defender".For third-party antivirus, install per antivirus instructions and disable Windows Defender.Open "PowerShell".Enter "Uninstall-WindowsFeature -Name Windows-Defender".