Control 8.2: Ensure Anti-Malware Software and Signatures Are Updated

Ensure that the organization’s anti-malware software updates its scanning engine and signature database on a regular basis.

Category

Technical

Purpose

Anti-malware, also known as anti-virus, is a well-established security technology. Anti-malware suites continuously monitor the files and running processes on a system and block, quarantine, or alert an enterprise administrator about any malicious program or other suspicious activity they detect. The list of known-malicious programs and behaviors that the product looks for is created and maintained by the anti-malware vendor, which regularly delivers updates to that list; these updates are called signatures. If signatures, and the scanning engine that uses them, are not downloaded and installed regularly, machines remain exposed to the most recent attacks. Because manual updating is easy to forget, anti-malware updates should be configured to download and install automatically on every workstation and server in the enterprise.

Malware is software specifically designed to attack computer systems, devices, and data. It is the catch-all term for viruses, worms, trojans, ransomware, spyware, adware, and all other malicious software, and it changes quickly and is hard to track. Malware can enter an enterprise through any number of points, such as email attachments, malicious apps, web pages, and USB drives. Its effects range from the relatively mild, such as slowing a system down, to the severe: stealing passwords, exfiltrating proprietary company secrets, or deleting all enterprise data.

Automation

This is an easy Sub-Control to automate and is worth the time spent to properly configure.

Guidance and Tools

Although there are free products designed to remove malware, some free "antivirus" tools are themselves malware or attempt to install malware on the system, so tools from unknown vendors should be avoided. The safest option for most enterprises is to use and properly configure the anti-malware tools that ship with Windows 10. Microsoft provides two closely related products for free that are built into every copy of Windows.

Step-by-step instructions for implementing this Sub-Control can be found in: Checking Windows Defender Security Center and Enabling Windows Defender Security Center via LGPE (the Local Group Policy Editor).
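The following PowerShell script is an added example, not part of the CIS guidance above or of either linked document. It implements the two checks this Sub-Control asks for on a Windows 10 host running Microsoft Defender: it reads the loaded engine and signature versions and the signature age with the built-in Get-MpComputerStatus cmdlet, compares the age against a maximum, and, if asked to, forces a refresh with Update-MpSignature. It then pins the automatic check-in interval with Set-MpPreference so the condition should not recur. The three-day threshold and the one-hour interval are assumptions chosen for the example, not values the page prescribes; set them to what your policy requires. Run it in an elevated PowerShell session.

```powershell
# Added example (not the page's own code): verify that Microsoft Defender's scanning engine
# and signatures are current, remediate if stale, and make future updates automatic.
# Uses only the built-in Defender cmdlets: Get-MpComputerStatus, Update-MpSignature, Set-MpPreference.
# The MaxAgeDays default and the update interval below are assumed example values.

function Test-DefenderSignatureFreshness {
    [CmdletBinding()]
    param(
        # Maximum acceptable signature age in days (assumed value; adjust to your policy).
        [int]$MaxAgeDays = 3,
        # When set, force a signature/engine update if the check fails.
        [switch]$Remediate
    )

    $status = Get-MpComputerStatus
    $now    = Get-Date

    # Age of the antivirus signature set currently loaded by the engine.
    $sigAgeDays = ($now - $status.AntivirusSignatureLastUpdated).TotalDays

    $result = [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        ServiceEnabled       = $status.AMServiceEnabled          # Defender service running at all?
        RealTimeProtection   = $status.RealTimeProtectionEnabled # monitoring, not just on-demand scans
        EngineVersion        = $status.AMEngineVersion           # scanning engine version
        SignatureVersion     = $status.AntivirusSignatureVersion # signature database version
        SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
        SignatureAgeDays     = [math]::Round($sigAgeDays, 1)
        Compliant            = ($status.AMServiceEnabled -and $sigAgeDays -le $MaxAgeDays)
    }

    if (-not $result.Compliant -and $Remediate) {
        Write-Warning "Signatures on $($result.ComputerName) are $($result.SignatureAgeDays) days old; forcing an update."
        # Pull the latest engine and signatures from the configured update source
        # (Microsoft Update by default, or WSUS/a file share if the enterprise has set one).
        Update-MpSignature -ErrorAction Stop

        # Re-read status so the report reflects the post-update state.
        $after = Get-MpComputerStatus
        $ageAfter = ($now - $after.AntivirusSignatureLastUpdated).TotalDays
        $result.EngineVersion        = $after.AMEngineVersion
        $result.SignatureVersion     = $after.AntivirusSignatureVersion
        $result.SignatureLastUpdated = $after.AntivirusSignatureLastUpdated
        $result.SignatureAgeDays     = [math]::Round($ageAfter, 1)
        $result.Compliant            = ($after.AMServiceEnabled -and $ageAfter -le $MaxAgeDays)
    }

    return $result
}

# Make updates automatic so a healthy host never fails the check above:
# check for new signatures every hour (SignatureUpdateInterval is in hours, 1 through 24).
Set-MpPreference -SignatureUpdateInterval 1

# Report the current state and remediate if signatures are older than the threshold.
Test-DefenderSignatureFreshness -MaxAgeDays 3 -Remediate | Format-List
```

The script reports a single object per host, so it can be run through Invoke-Command against a list of servers and the Compliant field filtered to find machines whose automatic updates have silently stopped working, for example because they cannot reach the update source. A stale signature date with ServiceEnabled still true is the case this Sub-Control exists to catch: the product looks healthy in the tray icon but is scanning with an old list.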