
Turn off Managing Phishing filter is not disabled.


Overview

Finding ID: V-15495
Version: DTBI330
Rule ID: SV-16342r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
This policy setting allows the user to enable a phishing filter that will warn if the Web site being visited is known for fraudulent attempts to gather personal information through "phishing." If you enable this policy setting, the user will not be prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off. If you select manual mode, the phishing filter performs only local analysis and users are prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addresses not contained on the filter's whitelist will be sent automatically to Microsoft without prompting the user. If you disable or do not configure this policy setting, the user will be prompted to decide the mode of operation for the phishing filter.
STIG: Microsoft IE Version 7
Date: 2015-12-17

Details

Check Text ( C-14518r1_chk )
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing Phishing filter" will be set to “Enabled” and "Off" selected.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter

Criteria: If the value Enabled is REG_DWORD = 0, this is not a finding.

Fix Text (F-15126r1_fix)
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing Phishing filter" will be set to “Enabled” and "Off" selected.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter

Criteria: Set the value Enabled to REG_DWORD = 0.
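
The Check Text and Fix Text procedures above can be scripted instead of walked through in the Registry Editor. The following PowerShell is an added example, not part of the STIG: the function name, the -Remediate switch and the Status labels are hypothetical, while the key, value name, type and data are the ones given in the check.

```powershell
# Added example: audits (and optionally remediates) the value named in the
# Check Text and Fix Text. Function name, -Remediate and the Status labels
# are hypothetical; path, value name, type and data come from the check.
function Test-PhishingFilterPolicy {
    [CmdletBinding()]
    param([switch]$Remediate)

    $path = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter'
    $name = 'Enabled'

    if ($Remediate) {
        # Fix Text: set Enabled to REG_DWORD = 0 (needs an elevated session).
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }

    # Anything other than "Enabled is REG_DWORD = 0" is a finding,
    # including a missing key, a missing value or a wrong value type.
    $status = 'Finding'
    $detail = 'Policy key is absent'
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($key) {
        if ($key.GetValueNames() -notcontains $name) {
            $detail = "Value '$name' is not set"
        }
        else {
            $kind  = $key.GetValueKind($name)
            $value = $key.GetValue($name)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                $detail = "Value is $kind, expected REG_DWORD"
            }
            elseif ($value -ne 0) {
                $detail = "Enabled = $value, expected 0"
            }
            else {
                $status = 'NotAFinding'
                $detail = 'Enabled is REG_DWORD = 0'
            }
        }
    }

    [pscustomobject]@{ FindingId = 'V-15495'; Path = $path; Status = $status; Detail = $detail }
}

Test-PhishingFilterPolicy
```

A value written directly with -Remediate is replaced at the next Group Policy refresh if a GPO configures the same setting differently, so the policy itself should also be set as the Fix Text describes.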