Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-70637 | WN10-00-000155 | SV-85259r1_rule | | Medium |
Description |
---|
Windows PowerShell 5.0 added advanced logging features, which can provide additional detail when malware has been run on a system. Disabling the Windows PowerShell 2.0 feature mitigates a downgrade attack that evades the Windows PowerShell 5.0 script block logging feature. |
STIG | Date |
---|---|
Windows 10 Security Technical Implementation Guide | 2016-10-28 |
Check Text ( None ) |
---|
None |
Fix Text (F-76869r1_fix) |
---|
Disable "Windows PowerShell 2.0" on the system. Run "Windows PowerShell" with elevated privileges (run as administrator). Enter the following: `Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root`. This command should disable both "MicrosoftWindowsPowerShellV2Root" and "MicrosoftWindowsPowerShellV2", which correspond to "Windows PowerShell 2.0" and "Windows PowerShell 2.0 Engine" respectively in "Turn Windows features on or off". Alternately: Search for "Features". Select "Turn Windows features on or off". De-select "Windows PowerShell 2.0". |
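
This finding lists no check text, so the following is an added example (not part of the STIG) of one way to verify the fix by querying both features named above. Treating a feature that is absent from the image as compliant, and a pending disable as not yet compliant, are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not STIG content: audit the two PowerShell 2.0 optional features.
# Save as a script and run from an elevated Windows PowerShell session.

$featureNames = @(
    'MicrosoftWindowsPowerShellV2Root',  # "Windows PowerShell 2.0"
    'MicrosoftWindowsPowerShellV2'       # "Windows PowerShell 2.0 Engine"
)

# States in which the engine cannot be started (assumption: both count as compliant).
$compliantStates = @('Disabled', 'DisabledWithPayloadRemoved')

$results = foreach ($name in $featureNames) {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue

    if ($null -eq $feature) {
        # Feature not offered by this image: nothing to downgrade to (assumption).
        $state = 'NotFound'
        $compliant = $true
    }
    else {
        $state = [string]$feature.State
        $compliant = $compliantStates -contains $state
    }

    [pscustomobject]@{
        FeatureName = $name
        State       = $state
        Compliant   = $compliant
        # A pending disable only takes effect after a restart.
        Note        = if ($state -eq 'DisablePending') { 'Restart required' } else { '' }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a compliance job flag the host.
if ($results | Where-Object { -not $_.Compliant }) {
    Write-Warning 'Windows PowerShell 2.0 is still enabled or pending; apply the fix text.'
    exit 1
}
```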