Comprehensive Antivirus Protection on Systems
Ensure antivirus programs fully protect and scan computers daily to prevent infections.
Plain language
This control ensures that your computers have antivirus software that is up-to-date and actively scanning for threats. It is crucial because without proper antivirus protection, your systems are vulnerable to malware, viruses, and ransomware that can steal data or disrupt operations.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
May 2025
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Operating system hardening
Topic
Antivirus Application
Official control statement
An antivirus application is implemented on workstations and servers with:
- signature-based detection functionality enabled and set to a high level
- heuristic-based detection functionality enabled and set to a high level
- reputation rating functionality enabled
- ransomware protection functionality enabled
- detection signatures configured to update on at least a daily basis
- regular scanning configured for all fixed disks and removable media.
Why it matters
Without antivirus with signatures, heuristics, reputation and ransomware controls, malware can compromise servers/workstations, causing outages and data loss.
Operational notes
Keep signature, heuristic and reputation checks set high; enable ransomware protection; verify daily signature updates; schedule scans for fixed disks and removable media.
Implementation tips
- The IT team should ensure that antivirus software is installed on all computers and servers. They can do this by creating an inventory list of all devices and checking that antivirus software is installed and working on each one.
- System owners should verify that antivirus software is configured to update its detection signatures daily. This can be achieved by accessing the antivirus settings and ensuring the automatic update feature is enabled.
- The IT support staff should set up the antivirus software to perform daily scans of all fixed and removable drives. This can be done by scheduling automatic scans through the antivirus software's scheduling feature.
- IT managers should enable advanced features such as ransomware protection and heuristic detection. This involves reviewing the antivirus settings and turning on options for extra layers of protection if they are not already active.
- Procurement should ensure that any new software or device purchases include a requirement for compatibility with the existing antivirus solution. They can include this requirement in contracts and verify the feature during vendor demonstrations.
Audit / evidence tips
- Ask: the antivirus installation records. Request a list of all computers and servers with currently installed antivirus software.
  Good: includes all company devices with verified installations.
- Ask: the configuration settings. Request a screenshot or report showing that daily signature updates are enabled.
  Good: shows automatic daily updates are turned on.
- Ask: scan schedules. Request a printout or digital record of the antivirus scan schedule. Look to see if scans are set for all drives and media daily.
  Good: schedule shows scans happen every day without needing manual input.
- Ask: security feature settings. Request evidence that advanced features like heuristic and ransomware detection are enabled.
  Good: clearly indicates these features are switched on.
- Ask: procurement checklists. Request documents showing that compatibility with antivirus solutions is checked for new purchases. Look to see that antivirus criteria are part of purchasing requirements.
  Good: checklist includes compatibility as a standard feature for new technology.
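The first four evidence checks above can be automated by joining the asset inventory with an export from the antivirus console. The script below is an added example, not part of the ISM or of any vendor's tooling; the CSV column names, host names and sample rows are constructed assumptions, and the 24-hour scan threshold follows the daily scanning described in the implementation tips.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data. Column names are assumptions, not a vendor format.
INVENTORY = ["ws-001", "ws-002", "srv-db01", "srv-web01"]
AV_EXPORT = """\
host,signature_level,heuristic_level,reputation,ransomware,last_sig_update,scan_interval_hours,scan_fixed,scan_removable
ws-001,high,high,on,on,2025-06-02T03:10:00,24,yes,yes
ws-002,high,medium,on,on,2025-06-02T03:12:00,24,yes,no
srv-db01,high,high,on,off,2025-05-28T02:00:00,168,yes,yes
"""

# Settings the control statement requires, expressed in the assumed columns.
REQUIRED = {
    "signature_level": "high",
    "heuristic_level": "high",
    "reputation": "on",
    "ransomware": "on",
    "scan_fixed": "yes",
    "scan_removable": "yes",
}


def audit(inventory, export_csv, now, max_sig_age=timedelta(days=1), max_scan_hours=24):
    """Return {host: [gaps]} for each inventoried host that misses a requirement."""
    rows = {r["host"].strip().lower(): r for r in csv.DictReader(io.StringIO(export_csv))}
    findings = {}
    for host in inventory:
        row = rows.get(host.lower())
        if row is None:  # in the asset list but unknown to the antivirus console
            findings[host] = ["no antivirus record"]
            continue
        gaps = [f"{k}={row[k]}" for k, want in REQUIRED.items()
                if row[k].strip().lower() != want]
        age = now - datetime.fromisoformat(row["last_sig_update"])
        if age > max_sig_age:
            gaps.append(f"signatures {age.days}d old")
        if int(row["scan_interval_hours"]) > max_scan_hours:
            gaps.append(f"scan every {row['scan_interval_hours']}h")
        if gaps:
            findings[host] = gaps
    return findings


if __name__ == "__main__":
    for host, gaps in audit(INVENTORY, AV_EXPORT, datetime(2025, 6, 2, 12, 0)).items():
        print(f"{host}: {'; '.join(gaps)}")
```

Hosts that appear in the inventory but not in the export are reported first-class, since a missing agent is the gap a settings report alone cannot show.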
Cross-framework mappings
How ISM-1417 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Related (1) | | |
| Annex A 8.7 | ISM-1417 mandates detailed antivirus implementation requirements (signature and heuristic detection set high, reputation ratings, ransomw... | |
E8
| Control | Notes | Details |
|---|---|---|
| Supports (1) | | |
| E8-RM-ML1.3 | ISM-1417 requires comprehensive antivirus on workstations and servers, including high-level detection settings, daily signature updates, ... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.