Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-213435	SRG-APP-000210	WNDF-AV-000011	SV-213435r823042_rule	2022-04-08	2

Description
This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x3) Send all samples automatically

ℹ️ Check
This is applicable to unclassified systems. For other systems this is NA. Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" is set to "Enabled" and "Send safe samples" is selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Spynet Criteria: If the value "SubmitSamplesConsent" is REG_DWORD = 1, this is not a finding.

ℹ️ Check

This is applicable to unclassified systems. For other systems this is NA. Verify the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" is set to "Enabled" and "Send safe samples" is selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows Defender\Spynet Criteria: If the value "SubmitSamplesConsent" is REG_DWORD = 1, this is not a finding.

✔️ Fix
This is applicable to unclassified systems. For other systems this is NA. Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> MAPS >> "Send file samples when further analysis is required" to "Enabled" and select "Send safe samples" from the drop-down box.