← Back to Microsoft Defender Antivirus Security Technical Implementation Guide

V-213449

CAT II (Medium)

Microsoft Defender AV must be configured to scan removable drives.

Rule ID

SV-213449r960852_rule

STIG

Microsoft Defender Antivirus Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-000870

Discussion

This policy setting allows the management of whether or not to scan for malicious software and unwanted software in the contents of removable drives such as USB flash drives when running a full scan. If this setting is enabled, removable drives will be scanned during any type of scan. If this setting is disabled or not configured, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.

Check Content

Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> Scan >> "Scan removable drives" is set to "Enabled".
 
Procedure: Use the Windows Registry Editor to navigate to the following key: 
HKLM\Software\Policies\Microsoft\Windows Defender\Scan

Criteria: If the value "DisableRemovableDriveScanning" is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> Scan >> "Scan removable drives" to "Enabled".