
SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.


Overview

Finding ID: V-59987
Version: SP13-00-000140
Rule ID: SV-74417r1_rule
IA Controls:
Severity: High
Description
Malicious code protection software must be protected to prevent a non-privileged user or malicious piece of software from disabling the protection mechanism. A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it. Malicious code includes viruses, worms, Trojan horses, and Spyware. Examples include the capability for non-administrative users to turn off or otherwise disable anti-virus.
STIG: SharePoint 2013 Security Technical Implementation Guide
Date: 2016-03-25

Details

Check Text (C-60677r1_chk)
Review the SharePoint server configuration to ensure non-privileged users are prevented from circumventing malicious code protection capabilities.

Confirm that the list of blocked file types configured in Central Administration matches the "blacklist" document in the application's SSP. See TechNet for default file types that are blocked: http://technet.microsoft.com/en-us/library/cc262496.aspx

Navigate to Central Administration.

Click "Manage web applications".

Select the web application by clicking its name.

Select "Blocked File Types" from the ribbon.

Compare the list of blocked file types to those listed in the SSP. If the SSP has file types that are not in the blocked file types list, this is a finding.

Repeat check for each web application.
Fix Text (F-65397r2_fix)
Configure the SharePoint server to prevent non-privileged users from circumventing malicious code protection capabilities.

Navigate to Central Administration.

Click "Manage web applications".

Select the web application by clicking its name.

Select "Blocked File Types" from the ribbon.

Add file types that are defined in the SSP but not in the list of blocked file types.

Click "Ok".

Repeat for each web application that has findings.
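
The check and fix above can also be scripted across every web application at once. The following is an added example, not part of the STIG: it assumes it is run in the SharePoint 2013 Management Shell by a farm administrator, and that the SSP blocked file types have been exported to a text file (the path and the one-extension-per-line format are hypothetical).

```powershell
# Added example: audit (and optionally remediate) Blocked File Types against the SSP list.
# Assumption: $SspListPath is a hypothetical text file, one extension per line, taken from the SSP.
param(
    [string]$SspListPath = 'C:\Audit\ssp-blocked-extensions.txt',  # hypothetical path
    [switch]$Remediate
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Normalise SSP entries: trim, lower-case, drop a leading dot, skip blanks and '#' comments.
$required = Get-Content -Path $SspListPath |
    ForEach-Object { $_.Trim().TrimStart('.').ToLowerInvariant() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    Sort-Object -Unique

# An empty SSP list would make every web application look compliant, so stop instead.
if (-not $required) { throw "No extensions read from $SspListPath; refusing to report a clean result." }

# Central Administration is included because it is itself a web application.
$findings = foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    $blocked = @($wa.BlockedFileExtensions | ForEach-Object { $_.ToLowerInvariant() })
    $missing = @($required | Where-Object { $blocked -notcontains $_ })

    if ($missing.Count -gt 0 -and $Remediate) {
        foreach ($ext in $missing) { $wa.BlockedFileExtensions.Add($ext) }
        $wa.Update()   # persist the change to the configuration database
    }

    [pscustomobject]@{
        WebApplication = $wa.DisplayName
        Url            = $wa.Url
        Finding        = $missing.Count -gt 0          # SSP types absent from the blocked list
        Missing        = $missing -join ', '
        Remediated     = [bool]($missing.Count -gt 0 -and $Remediate)
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it without -Remediate to produce the per-web-application comparison for the check; Finding is reported as it was before any remediation, so re-run afterwards to confirm every row shows False.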