Comprehensive Antivirus Protection on Systems
Ensure antivirus programs fully protect and scan computers daily to prevent infections.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
May 2025
✏️ Control Stack last updated
22 Feb 2026
🎯 E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Operating system hardening
Topic
Antivirus Application
An antivirus application is implemented on workstations and servers with:
- signature-based detection functionality enabled and set to a high level
- heuristic-based detection functionality enabled and set to a high level
- reputation rating functionality enabled
- ransomware protection functionality enabled
- detection signatures configured to update on at least a daily basis
- regular scanning configured for all fixed disks and removable media.
Source: ASD Information Security Manual (ISM)
Plain language
This control ensures that your computers have antivirus software that is up-to-date and actively scanning for threats. It is crucial because without proper antivirus protection, your systems are vulnerable to malware, viruses, and ransomware that can steal data or disrupt operations.
Why it matters
Without antivirus with signatures, heuristics, reputation and ransomware controls, malware can compromise servers/workstations, causing outages and data loss.
Operational notes
Keep signature, heuristic and reputation checks set high; enable ransomware protection; verify daily signature updates; schedule scans for fixed disks and removable media.
Implementation tips
- The IT team should ensure that antivirus software is installed on all computers and servers. They can do this by creating an inventory list of all devices and checking that antivirus software is installed and working on each one.
- System owners should verify that antivirus software is configured to update its detection signatures daily. This can be achieved by accessing the antivirus settings and ensuring the automatic update feature is enabled.
- The IT support staff should set up the antivirus software to perform daily scans of all fixed and removable drives. This can be done by scheduling automatic scans through the antivirus software's scheduling feature.
- IT managers should enable advanced features such as ransomware protection and heuristic detection. This involves reviewing the antivirus settings and turning on options for extra layers of protection if they are not already active.
- Procurement should ensure that any new software or device purchases include a requirement for compatibility with the existing antivirus solution. They can include this requirement in contracts and verify the feature during vendor demonstrations.
Audit / evidence tips
- Ask for the antivirus installation records: request a list of all computers and servers with currently installed antivirus software.
  Good: includes all company devices with verified installations.
- Ask for the configuration settings: request a screenshot or report showing that daily signature updates are enabled.
  Good: shows automatic daily updates are turned on.
- Ask for the scan schedules: request a printout or digital record of the antivirus scan schedule. Look to see if scans are set for all drives and media daily.
  Good: schedule shows scans happen every day without needing manual input.
- Ask for the security feature settings: request evidence that advanced features like heuristic and ransomware detection are enabled.
  Good: clearly indicates these features are switched on.
- Ask for the procurement checklists: request documents showing that compatibility with antivirus solutions is checked for new purchases. Look to see that antivirus criteria are part of purchasing requirements.
  Good: checklist includes compatibility as a standard feature for new technology.
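One way to turn the implementation and evidence checks above into a repeatable test, as an added example that is not part of the ISM or of this page's source: the script compares a device inventory against an antivirus status export and lists each host's gaps against the ISM-1417 settings. The record field names and the sample hosts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Field names below are hypothetical; map them to whatever your AV console exports.
REQUIRED_HIGH = ("signature_level", "heuristic_level")
REQUIRED_ON = ("reputation_enabled", "ransomware_protection_enabled")
REQUIRED_SCAN_TARGETS = {"fixed", "removable"}
MAX_SIGNATURE_AGE = timedelta(days=1)


def audit_host(status, now):
    """Return the list of ISM-1417 gaps for one host's AV status record."""
    if status is None:
        return ["no antivirus status reported (not installed or not reporting)"]
    findings = []
    for key in REQUIRED_HIGH:
        if str(status.get(key, "")).lower() != "high":
            findings.append(f"{key} is {status.get(key)!r}, expected 'high'")
    for key in REQUIRED_ON:
        if status.get(key) is not True:
            findings.append(f"{key} is not enabled")
    updated = status.get("signatures_updated")
    if updated is None or now - updated > MAX_SIGNATURE_AGE:
        findings.append("detection signatures older than one day")
    missing = REQUIRED_SCAN_TARGETS - set(status.get("scheduled_scan_targets", []))
    if missing:
        findings.append("scheduled scan does not cover: " + ", ".join(sorted(missing)))
    return findings


def audit_fleet(inventory, av_report, now):
    """Check every inventoried host, so devices missing from the AV report are caught."""
    return {host: audit_host(av_report.get(host), now) for host in inventory}

# Constructed sample data, not taken from any real environment.
NOW = datetime(2026, 2, 22, 9, 0, tzinfo=timezone.utc)
INVENTORY = ["ws-001", "ws-002", "srv-db-01"]
AV_REPORT = {
    "ws-001": {"signature_level": "high", "heuristic_level": "high",
               "reputation_enabled": True, "ransomware_protection_enabled": True,
               "signatures_updated": NOW - timedelta(hours=6),
               "scheduled_scan_targets": ["fixed", "removable"]},
    "ws-002": {"signature_level": "high", "heuristic_level": "medium",
               "reputation_enabled": True, "ransomware_protection_enabled": False,
               "signatures_updated": NOW - timedelta(days=3),
               "scheduled_scan_targets": ["fixed"]},
}

if __name__ == "__main__":
    for host, gaps in audit_fleet(INVENTORY, AV_REPORT, NOW).items():
        print(host, "PASS" if not gaps else "FAIL: " + "; ".join(gaps))
```

Driving the loop from the inventory rather than from the antivirus report is what surfaces hosts such as the constructed `srv-db-01`, which has no agent reporting at all.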
Cross-framework mappings
How ISM-1417 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Related (1) | ||
| Annex A 8.7 | ISM-1417 mandates detailed antivirus implementation requirements (signature and heuristic detection set high, reputation ratings, ransomw... | |
E8
| Control | Notes | Details |
|---|---|---|
| Supports (1) | ||
| E8-RM-ML1.3 | ISM-1417 requires comprehensive antivirus on workstations and servers, including high-level detection settings, daily signature updates, ... | |