Windows Server 2019 system files must be monitored for unauthorized changes.

STIG ID: WN19-00-000220  |  SRG: SRG-OS-000363-GPOS-00150 |  Severity: medium |  CCI: CCI-001744 |  Vulnerability Id: V-205803 | 

Vulnerability Discussion

Monitoring system files for changes against a baseline on a regular basis may help detect the possible introduction of malicious code on a system.

Check

Determine whether the system is monitored for unauthorized changes to system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) against a baseline on a weekly basis.

If system files are not monitored for unauthorized changes, this is a finding.

An approved and properly configured solution will contain both a list of baselines that includes all system file locations and a file comparison task that is scheduled to run at least weekly.

Fix

Monitor the system for unauthorized changes to system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) against a baseline on a weekly basis. This can be done with the use of various monitoring tools.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.