MT.1148 - Archive Scanning should be enabled
Overview
Verify that archive scanning is enabled so that Microsoft Defender Antivirus can detect malware in compressed files.
When archive scanning is disabled, malware can hide in compressed files (ZIP, RAR, etc.).
Remediation action:
- Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
- Edit the relevant Microsoft Defender Antivirus policy
- Enable Allow Archive Scanning
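
After the policy has synced, the effective setting can be confirmed on the endpoints themselves. The following is an added example, not part of Maester or of the test source listed below; the function name Test-EndpointArchiveScanning is hypothetical. It assumes the built-in Defender cmdlets Get-MpPreference and Get-MpComputerStatus are available, and that remote devices are reachable over CIM/WinRM.

```powershell
# Added example (not Maester code): confirm archive scanning is effective on endpoints.
function Test-EndpointArchiveScanning {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Devices to check; defaults to the local device.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    foreach ($name in $ComputerName) {
        # Query the local device directly; use a CIM session for remote devices.
        $cim = @{}
        if ($name -ne $env:COMPUTERNAME) { $cim['CimSession'] = $name }

        try {
            $status = Get-MpComputerStatus @cim -ErrorAction Stop
            $pref   = Get-MpPreference @cim -ErrorAction Stop

            # Defender stores the setting inverted:
            # DisableArchiveScanning = $false means archives are scanned.
            $avOn      = [bool]$status.AntivirusEnabled
            $archiveOn = -not [bool]$pref.DisableArchiveScanning

            [pscustomobject]@{
                ComputerName           = $name
                AntivirusEnabled       = $avOn
                DisableArchiveScanning = [bool]$pref.DisableArchiveScanning
                Compliant              = ($avOn -and $archiveOn)
                Error                  = $null
            }
        }
        catch {
            # An unreachable device, or one without Defender, counts as
            # non-compliant so that it is investigated rather than skipped.
            [pscustomobject]@{
                ComputerName           = $name
                AntivirusEnabled       = $null
                DisableArchiveScanning = $null
                Compliant              = $false
                Error                  = $_.Exception.Message
            }
        }
    }
}

# Check the local device and list anything that needs attention.
Test-EndpointArchiveScanning | Where-Object { -not $_.Compliant } | Format-List
```

No output from the last line means the local device reports Defender Antivirus enabled with archive scanning on.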
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1148 |
| Severity | High |
| Suite | Maester |
| Category | Defender |
| PowerShell test | Test-MtMdeArchiveScanning |
| Tags | Defender, Maester, MT.1148 |
Source
- Pester test: tests/Maester/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1
- PowerShell source: powershell/public/maester/defender/Test-MtMdeArchiveScanning.ps1