STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Defender Antivirus Security Technical Implementation Guide

V-213435

CAT II (Medium)

Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.

Rule ID

SV-213435r961092_rule

STIG

Microsoft Defender Antivirus Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-001170

Discussion

This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x3) Send all samples automatically

Check Content

This is applicable to unclassified systems. For other systems this is NA.

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" is set to "Enabled" and "Send safe samples" is selected from the drop-down box.
     
Procedure: Use the Windows Registry Editor to navigate to the following key: 
HKLM\Software\Policies\Microsoft\Windows Defender\Spynet

Criteria: If the value "SubmitSamplesConsent" is REG_DWORD = 1, this is not a finding.

Fix Text

This is applicable to unclassified systems. For other systems this is NA.

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" to "Enabled" and select "Send safe samples" from the drop-down box.