Skip to main content
Version: 2.1.1-preview

MT.1156 - Scanning Network Files should be enabled

Overview​

Verify that scanning network files is enabled despite SMB load considerations.

Disabled network file scanning creates attack vectors through shared files.

Remediation action:​

  1. Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
  2. Edit the relevant Microsoft Defender Antivirus policy
  3. Enable Allow Scanning Network Files

Test Metadata​

FieldValue
Test IDMT.1156
SeverityHigh
SuiteM365 Advisor
CategoryDefender
PowerShell testTest-MtMdeNetworkFileScanning
TagsDefender, M365Advisor, MT.1156

Remediation​

  1. Open Microsoft Endpoint Manager > Endpoint Security > Antivirus
  2. Edit the relevant Microsoft Defender Antivirus policy
  3. Enable Allow Scanning Network Files

Source​

  • Pester test: tests/M365Advisor/Defender/Test-MtMdeAntivirusPolicy.Tests.ps1
  • PowerShell source: powershell/public/M365Advisor/defender/Test-MtMdeNetworkFileScanning.ps1