Questionnaire Part 8 Malware Protection


Notes
This guide reflects the Willow question set, introduced in April 2025. Applications using the Montpellier question set will differ in some areas; these applications may still be completed before 28th October 2025. 

Malware Protection


A8.1 Malware Protection


Are all of your desktop computers, laptops, tablets and mobile phones protected from malware by either:
A - Having anti-malware software installed
and/or
B - Limiting installation of applications by application allow listing (for example, using an app store and a list of approved applications, or using a Mobile Device Management (MDM) solution)
or
C - None of the above, please describe
Alert
Please select all the options that are in use in your organisation across all your devices. Most organisations that use smartphones and standard laptops will need to select both option A and B.
Option A - option for all in-scope devices running Windows or macOS, including servers, desktop computers and laptop computers
Option B - option for all in-scope devices
Option C - none of the above, explanation notes will be required.
Info
Your answer selections will trigger various question options.

Please note, if you have mobile devices in scope, we will need to see Option B selected (as well as Option A if you have anti-malware solutions installed on your desktops/laptops and servers). There are currently no anti-malware solutions for mobiles that are compliant with the Cyber Essentials scheme.

A8.2 Daily Update

If Option A has been selected: Where you have anti-malware software installed, is it set to update in line with the vendor's guidelines and prevent malware from running on detection?
Alert
This is usually the default setting for anti-malware software. You can check these settings in the configuration screen for your anti-malware software. You can use any commonly used anti-malware product, whether free or paid-for as long as it can meet the requirements in this question. For the avoidance of doubt, Windows Defender is suitable for this purpose.
Info
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.

A8.3 Scan Web Pages

If Option A has been selected: Where you have anti-malware software installed, is it set to scan web pages you visit and warn you about accessing malicious websites?
Alert
Your anti-malware software or internet browser should be configured to prevent access to known malicious websites. On Windows 10, SmartScreen can provide this functionality.
Info
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.

A8.4 Application Signing

If Option B has been selected: Where you use an app-store or application signing, are users restricted from installing unsigned applications?
Alert
Some operating systems, including Windows S and those on Chromebooks, mobile phones and tablets, restrict you from installing unsigned applications. Usually you have to "root" or "jailbreak" a device to allow unsigned applications.
Info
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.

A8.5 Approved Application List

If Option B has been selected: Where you use an app-store or application signing, do you ensure that users only install applications that have been approved by your organisation and do you maintain this list of approved applications?
Alert
You must create a list of approved applications and ensure users only install these applications on their devices. This includes employee-owned devices. You may use mobile device management (MDM) software to meet this requirement but you are not required to use MDM software if you can meet the requirements using good policy, processes and training of staff.
Info
This question requires a yes or no answer. You do not need to add Applicant Notes to be compliant.
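
One way to check the A8.5 requirement when MDM is not in use, as an added example that is not part of the original guide: it compares an inventory export against the approved list and also reports in-scope devices that returned no inventory. The app identifiers, device names and CSV layout are constructed assumptions.

```python
import csv
import io

# Constructed sample data, not taken from the guide.
APPROVED_APPS = {"com.microsoft.teams", "com.microsoft.office.outlook"}

# In-scope devices and who owns them; employee-owned devices are included.
IN_SCOPE_DEVICES = {"PHONE-01": "company", "PHONE-02": "employee", "TAB-01": "company"}

# Hypothetical inventory export: one row per installed application.
INVENTORY_CSV = """device,app_id
PHONE-01,com.microsoft.teams
PHONE-01,com.microsoft.office.outlook
PHONE-02,Com.Microsoft.Teams
PHONE-02,com.example.sideloaded.game
"""


def normalise(app_id):
    """Compare identifiers case-insensitively and ignore stray whitespace."""
    return app_id.strip().lower()


def audit_allow_list(inventory_csv, approved, in_scope):
    """Return unapproved installs per device and in-scope devices with no data."""
    approved_norm = {normalise(a) for a in approved}
    unapproved = {}
    reporting = set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        device = row["device"].strip()
        reporting.add(device)
        app = normalise(row["app_id"])
        if app not in approved_norm:
            entry = unapproved.setdefault(
                device, {"ownership": in_scope.get(device, "unknown"), "apps": []}
            )
            entry["apps"].append(app)
    # A device that never appears in the export cannot be shown to comply.
    not_reporting = sorted(set(in_scope) - reporting)
    return {"unapproved": unapproved, "not_reporting": not_reporting}


if __name__ == "__main__":
    print(audit_allow_list(INVENTORY_CSV, APPROVED_APPS, IN_SCOPE_DEVICES))
```
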
