Is Microsoft Defender acceptable?

Built-in OS malware protection is generally acceptable provided it is enabled, updating and configured. Check the current Cyber Essentials guidance for specifics.

Do mobile devices count?

In-scope mobiles need malware protection or controls equivalent to the platform's app-store model. Document your approach.

How often should I refresh malware evidence?

At least annually, and any time you change your security tool or roll out new devices.

Evidence area

Cyber Essentials malware protection evidence

Cyber Essentials needs evidence that malware protection — antivirus, EDR, or built-in OS protection — is active across every in-scope device.

Start free See features

Where malware evidence usually fails

Most SMEs have antivirus installed somewhere, but can't quickly prove every device is covered, alerts are reviewed and exceptions are documented.

Examples of malware protection evidence

Antivirus or EDR console screenshot
Device coverage report from your security tool
Built-in malware protection (e.g. Windows Defender, XProtect) settings
Malware response or alert review notes
Policy document covering acceptable software
List of in-scope devices with protection status

How Evaud helps

Per-device linkage

Link malware evidence to laptops, servers and mobiles in your asset register.

Owner and review date

Each evidence item has an owner and review date — no surprise gaps at renewal.

Assessor visibility

Approved items appear in the read-only assessor portal without exposing raw consoles.

Frequently asked questions

Start building your Cyber Essentials evidence today.

Free to try. No credit card required.

Start free Contact us