What does this control check?

The Antivirus control verifies that antivirus protection is enabled and actively protecting your Windows computer. This includes Windows Defender (the built-in antivirus) or approved third-party antivirus software configured by your IT team.

Important: Antivirus software is your primary defense against malware, viruses, ransomware, and other malicious software. It continuously scans files you download, programs you run, and activities on your computer to detect and block threats in real time. Without active antivirus protection, your computer is vulnerable to infection from email attachments, malicious websites, infected downloads, and exploits. Modern malware can steal your passwords, encrypt your files for ransom, spy on your activities, or use your computer to attack others, and without antivirus these threats can operate undetected.

Why is this important?

Malware Detection

Antivirus software detects and blocks viruses, trojans, ransomware, and other malicious software before they can infect your computer and steal or encrypt your data.

Real-Time Protection

Antivirus works continuously in the background, scanning files as you download them and programs as you run them, catching threats before they can execute and cause damage.

Threat Intelligence

Modern antivirus uses cloud-based threat intelligence to identify new malware variants and attack techniques, protecting you from the latest threats even if they're just hours old.

How to fix this

Enabling Antivirus Protection on Windows

Check Windows Security Center:

  1. Click the Start button and select Settings
  2. Click Privacy & security
  3. Click Windows Security
  4. Click Virus & threat protection
  5. Check the status under "Virus & threat protection"
  6. It should show a green checkmark and "No actions needed"

If Windows Defender is turned off:

  1. In the Virus & threat protection screen
  2. Click Manage settings under "Virus & threat protection settings"
  3. Toggle Real-time protection to On
  4. Also ensure Cloud-delivered protection is On
  5. And Automatic sample submission is On

Third-party antivirus: If your organization uses third-party antivirus software (like Symantec, McAfee, CrowdStrike, etc.), Windows Defender may be disabled automatically. In this case, verify the third-party antivirus is running and up to date instead.

⚠️ Important notes:
  • If you can't turn on Real-time protection, you may have third-party antivirus installed
  • Never run two antivirus programs simultaneously - they will conflict
  • If antivirus repeatedly turns itself off, you may have a malware infection - contact IT immediately
  • Antivirus may slow down your computer slightly during scans - this is normal
  • Don't disable antivirus to improve performance or to install software

Verifying the fix

After enabling antivirus protection, Citadel will automatically verify this control during its next check.

To verify antivirus is active:

  1. Open Settings > Privacy & security > Windows Security
  2. Click Virus & threat protection
  3. You should see a green checkmark and "No actions needed"
  4. Under "Current threats", it should show "No current threats"
  5. Check "Last scan" - it should show a recent date/time
  6. Under "Virus & threat protection settings", verify Real-time protection is On

Note: If you see a yellow warning about Quick scan, that's a reminder to run a scan - not a critical issue. Click "Quick scan" to run it.
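
The same state can be read from PowerShell instead of the Settings screens. The script below is an added example, not Citadel's own check logic; the function name Get-AntivirusPosture is hypothetical, and the productState decoding is the commonly used convention, which Microsoft does not document.

```powershell
# Added example: reads the settings checked in the steps above.
# Get-AntivirusPosture is a hypothetical name, not part of Citadel or Windows.
function Get-AntivirusPosture {
    $findings = @()

    # Antivirus products registered with Windows Security Center, including
    # third-party ones (this WMI namespace exists on client editions, not Server).
    $registered = @(
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Assumption: productState is undocumented; widely used decoding
                # is bit 0x1000 = enabled, bit 0x10 = definitions out of date.
                [pscustomobject]@{
                    Name     = $_.displayName
                    Enabled  = [bool]($_.productState -band 0x1000)
                    UpToDate = -not [bool]($_.productState -band 0x10)
                }
            }
    )
    if (-not ($registered | Where-Object Enabled)) {
        $findings += 'No registered antivirus product reports itself enabled'
    }
    foreach ($p in ($registered | Where-Object { $_.Enabled -and -not $_.UpToDate })) {
        $findings += "$($p.Name) reports out-of-date definitions"
    }

    # Microsoft Defender state. Both cmdlets return nothing if Defender is unavailable.
    $mp   = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($mp -and $mp.AMRunningMode -eq 'Normal') {
        # Defender is the active antivirus: check the three toggles from "Manage settings".
        if (-not $mp.RealTimeProtectionEnabled)     { $findings += 'Real-time protection is Off' }
        if ($pref.MAPSReporting -eq 0)              { $findings += 'Cloud-delivered protection is Off' }
        if ($pref.SubmitSamplesConsent -notin 1, 3) { $findings += 'Automatic sample submission is Off' }
    }

    [pscustomobject]@{
        Healthy       = ($findings.Count -eq 0)
        Registered    = ($registered | ForEach-Object { "$($_.Name) (enabled=$($_.Enabled), current=$($_.UpToDate))" })
        DefenderMode  = $mp.AMRunningMode      # 'Normal' when Defender is the active antivirus
        LastQuickScan = $mp.QuickScanEndTime   # compare with "Last scan" in Windows Security
        Findings      = $findings
    }
}

Get-AntivirusPosture | Format-List
```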