L1 BIO 16.01 ISO A.12.4.1 CIS 18.9.19.2

Days Totdat Aggressive Catchup Quick Scan Is Set To 7 Days Of Fewer

πŸ“… 2025-10-30
β€’
⏱️ 2 minuten lezen
β€’
πŸ”΄ Must-Have

πŸ’Ό Management Samenvatting

Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.

Aanbeveling
IMPLEMENT
Risico zonder
High
Risk Score
7/10
Implementatie
2u (tech: 1u)
Van toepassing op:
βœ“ Windows

Deze instelling is onderdeel van de Windows security baseline en beschermt tegen bekende aanvalsvectoren door het afdwingen van veilige configuraties.

PowerShell Modules Vereist
Primary API: Graph
Connection: Connect-MgGraph
Required Modules: Microsoft.Graph.DeviceManagement

Implementatie

Dit regelen configureert days Totdat aggressive catchup quick scan is set to 7 days of fewer via Microsoft Intune apparaat configuratie beleid of compliance policies om Windows endpoints te beveiligen volgens security best practices.

Vereisten

Microsoft Intune via device configuratiebeleidsregels

Implementatie

Gebruik PowerShell-script days-until-aggressive-catchup-quick-scan-is-set-to-7-days-or-fewer.ps1 (functie Invoke-Monitoring) – Monitoren.

monitoring

Gebruik PowerShell-script days-until-aggressive-catchup-quick-scan-is-set-to-7-days-or-fewer.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script days-until-aggressive-catchup-quick-scan-is-set-to-7-days-or-fewer.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance en Auditing

Beleid documentatie

Compliance & Frameworks

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell
<# .SYNOPSIS Intune Windows Defender: Aggressive Catchup Scan Days .DESCRIPTION CIS - Catchup scan na 7 dagen of minder. .NOTES Filename: defender-catchup-days.ps1|Author: Nederlandse Baseline voor Veilige Cloud|Setting: QuickScanAge|Expected: 7 days or fewer #> #Requires -Version 5.1 #Requires -RunAsAdministrator [CmdletBinding()]param([switch]$WhatIf, [switch]$Monitoring, [switch]$Remediation, [switch]$Revert) $ErrorActionPreference = 'Stop'; $MaxDays = 7 function Connect-RequiredServices { $p = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()); return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) } function Test-Compliance { $r = [PSCustomObject]@{ScriptName = "defender-catchup.ps1"; PolicyName = "Defender Catchup Scan"; IsCompliant = $false; CurrentValue = $null; ExpectedValue = "$MaxDays days max"; Details = @() }; function Invoke-Revert { Set-MpPreference -ScanAvgCPULoadFactor 50 } try { $pref = Get-MpPreference; $r.CurrentValue = "$($pref.ScanAvgCPULoadFactor) days"; if ($pref.ScanAvgCPULoadFactor -le $MaxDays) { $r.IsCompliant = $true; $r.Details += "Catchup scan OK" }else { $r.Details += "Catchup: $($pref.ScanAvgCPULoadFactor) days" } }catch { $r.Details += "Error: $($_.Exception.Message)" }; return $r } function Invoke-Remediation { Set-MpPreference -ScanAvgCPULoadFactor $MaxDays; Write-Host "Catchup scan: $MaxDays days" -ForegroundColor Green } function Invoke-Monitoring { $r = Test-Compliance; Write-Host "`n$($r.PolicyName): $(if($r.IsCompliant){'COMPLIANT'}else{'NON-COMPLIANT'})" -ForegroundColor $(if ($r.IsCompliant) { 'Green' }else { 'Red' }); return $r } function Invoke-Revert { Set-MpPreference -ScanAvgCPULoadFactor 50 } try { if (-not(Connect-RequiredServices)) { exit 1 }; if ($Monitoring) { $r = Invoke-Monitoring; exit $(if ($r.IsCompliant) { 0 }else { 1 }) }elseif ($Remediation) { if (-not $WhatIf) { Invoke-Remediation } }elseif ($Revert) { Invoke-Revert }else { $r = Test-Compliance; exit $(if ($r.IsCompliant) { 0 }else { 1 }) } }catch { Write-Error $_; exit 1 }

Risico zonder implementatie

Risico zonder implementatie
High: No auth tracking.

Management Samenvatting

Schakel in audit logging.