If Option A has been selected: Where you have anti-malware software installed, is it set to update in line with the vendor's guidelines and prevent malware from running on detection?
Section A8: Malware Protection · Cyber Essentials Montpellier
What this question is really asking
If using option A, confirm that signature and definition updates for your anti-malware software are configured to apply automatically. Manually-updated anti-malware is not acceptable for Cyber Essentials — definitions must update automatically, typically at least daily. Most enterprise endpoint protection products default to automatic updates.
What satisfies this requirement
Yes or NoUsually the default setting. Windows Defender is suitable.
What to prepare before your assessor visit
'Auto-update is enabled' is where many responses stop, but assessors want to know that updates are actually happening in practice. Check your endpoint protection management console for any devices showing out-of-date definitions — a single device with week-old signatures is technically a finding. Most enterprise endpoint products report on definition age across the fleet; pull that report before your assessment and act on any outliers.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.