MT.1154 - Full Scan Removable Drives should be enabled
Overviewβ
Verify that full scan of removable drives is enabled to mitigate USB risks.
Disabled removable drive scanning allows USB-based malware infections.
Remediation action:β
- Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
- Edit the relevant Microsoft Defender Antivirus policy
- Enable Allow Full Scan on Removable Drives
Related linksβ
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | MT.1154 |
| Severity | High |
| Suite | Maester |
| Category | Defender |
| PowerShell test | Test-MtMdeRemovableDriveScanning |
| Tags | Defender, Maester, MT.1154 |
Sourceβ
- Pester test:
tests/Maester/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1 - PowerShell source:
powershell/public/maester/defender/Test-MtMdeRemovableDriveScanning.ps1