Windows Server 2022 must use an antivirus program.

STIG ID: WN22-00-000110  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-254248 | 

Vulnerability Discussion

Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.

Check

Verify an antivirus solution is installed on the system. The antivirus solution may be bundled with an approved host-based security solution.

If there is no antivirus solution installed on the system, this is a finding.

Verify if Microsoft Defender antivirus is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName"

Verify if third-party antivirus is in use or enabled:

Open "PowerShell".

Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName

Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName

Fix

If no antivirus software is in use, install Microsoft Defender or third-party antivirus.

Open "PowerShell".

Enter "Install-WindowsFeature -Name Windows-Defender".

For third-party antivirus, install per antivirus instructions and disable Windows Defender.

Open "PowerShell".

Enter "Uninstall-WindowsFeature -Name Windows-Defender".