Managing SmartScreen Filter use must be enforced.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22108	DTBI740	SV-40704r1_rule	ECSC-1	Medium

Description
This setting is important from a security perspective because Microsoft has extensive data illustrating the positive impact the SmartScreen filter has had on reducing the risk of malware infection via visiting malicious web sites. This policy setting allows the users to enable the SmartScreen Filter, which will warn if the web site being visited is known for fraudulent attempts to gather personal information through "phishing" or is known to host malware. If you enable this setting, the user will not be prompted to enable the SmartScreen Filter. It must be specified which mode the SmartScreen Filter uses: on or off. If the feature is on, all web site addresses not contained on the filter's allow list, will be sent automatically to Microsoft without prompting the user. If the feature is off, the user will be prompted to decide the mode of operation for the SmartScreen Filter during the first run experience.

Description

This setting is important from a security perspective because Microsoft has extensive data illustrating the positive impact the SmartScreen filter has had on reducing the risk of malware infection via visiting malicious web sites. This policy setting allows the users to enable the SmartScreen Filter, which will warn if the web site being visited is known for fraudulent attempts to gather personal information through "phishing" or is known to host malware. If you enable this setting, the user will not be prompted to enable the SmartScreen Filter. It must be specified which mode the SmartScreen Filter uses: on or off. If the feature is on, all web site addresses not contained on the filter's allow list, will be sent automatically to Microsoft without prompting the user. If the feature is off, the user will be prompted to decide the mode of operation for the SmartScreen Filter during the first run experience.

STIG	Date
Microsoft Internet Explorer 9 Security Technical Implementation Guide	2015-12-17

Details

Check Text ( C-39431r2_chk )
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing SmartScreen Filter for Internet Explorer 9" must be “Enabled” and “Off” selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Criteria: If the value EnabledV9 is REG_DWORD = 0, this is not a finding.

Check Text ( C-39431r2_chk )

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing SmartScreen Filter for Internet Explorer 9" must be “Enabled” and “Off” selected from the drop-down box.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter

Criteria: If the value EnabledV9 is REG_DWORD = 0, this is not a finding.

Fix Text (F-34560r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing SmartScreen Filter for Internet Explorer 9" to “Enabled” and select “Off” from the drop-down box.