Windows Security Checks
10 checks Pareto Security runs on Windows
Each check covers a common security misconfiguration on Windows, with links to step-by-step fixes.
Access Security
| Check | Description | Required in frameworks |
|---|---|---|
| Password after sleep or screensaver is on | Waking from sleep or the screensaver requires the account password, not just any keypress. | CISISONIST CSFSOC |
| Password manager is installed | A password manager helps you generate, store, and use a unique strong password for every account on Windows. | NIST CSFEssentialsSOC |
| Screen Saver shows after 20 min | The screen locks automatically after a period of inactivity to prevent unauthorized access when you're away. | CISISONIST CSFSOC |
Application Updates
| Check | Description | Required in frameworks |
|---|---|---|
| Automatic Updates are enabled | Windows Update keeps the OS, drivers, malware definitions, and Microsoft apps current. | CISISONIST CSFSOC |
| Package managers delay new releases | On Windows, developer package managers wait at least 7 days before installing new packages, so registries can catch compromised releases first. | SOC |
| Pareto Security is up-to-date | You're running the most recent version of Pareto Security for Windows, so it ships the latest checks. |
Firewall & Sharing
| Check | Description | Required in frameworks |
|---|---|---|
| Firewall is on | Windows Defender Firewall blocks contact from other computers on the Internet or on your network. | CISISONIST CSFSOC |
| Remote Login is off | Remote Desktop (RDP) lets other devices control your computer and should be off unless actively needed. | CISEssentials |
System Integrity
| Check | Description | Required in frameworks |
|---|---|---|
| Antivirus is installed | Antivirus software protects Windows from viruses, malware, and other threats in real time. | CISISONIST CSFSOC |
| Disk encryption is enabled | BitLocker encrypts the entire drive so your files stay protected if the device is lost or stolen. | CISISONIST CSFSOC |