The update check interval must be configured and set to 30 days.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15564	DTBI680	SV-45435r1_rule		Medium

Description
Although Microsoft thoroughly tests all patches and service packs before they are published, organizations should carefully control all of the software that is installed on their managed computers. This setting specifies the update check interval, automatic installation, and the default interval value, which is 30 days. If you enable this policy setting, the user will not be able to configure the update check interval, and computers will not automatically download and install updates for Internet Explorer. The update check interval must be specified. If you disable or do not configure this policy setting, the user will have the freedom to configure the update check interval.

Description

Although Microsoft thoroughly tests all patches and service packs before they are published, organizations should carefully control all of the software that is installed on their managed computers. This setting specifies the update check interval, automatic installation, and the default interval value, which is 30 days. If you enable this policy setting, the user will not be able to configure the update check interval, and computers will not automatically download and install updates for Internet Explorer. The update check interval must be specified. If you disable or do not configure this policy setting, the user will have the freedom to configure the update check interval.

STIG	Date
Microsoft Internet Explorer 10 Security Technical Implementation Guide	2016-06-24

Details

Check Text ( C-42784r1_chk )
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Settings -> Component Updates -> Periodic check for updates to Internet Explorer and Internet Tools -> "Prevent specifying the update check interval (in days)" must be "Enabled", and "30" selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value Update_Check_Interval is REG_DWORD = 30 (Decimal), this is not a finding.

Check Text ( C-42784r1_chk )

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Settings -> Component Updates -> Periodic check for updates to Internet Explorer and Internet Tools -> "Prevent specifying the update check interval (in days)" must be "Enabled", and "30" selected from the drop-down box.

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main

Criteria: If the value Update_Check_Interval is REG_DWORD = 30 (Decimal), this is not a finding.

Fix Text (F-38832r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Settings -> Component Updates -> Periodic check for updates to Internet Explorer and Internet Tools -> "Prevent specifying the update check interval (in days)" to "Enabled", and select "30" from the drop-down box.