Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36707 | WN12-CC-000088 | SV-51747r3_rule | Medium |
Description |
---|
Windows SmartScreen helps protect systems from programs downloaded from the internet that may be malicious. Requiring administrator approval before running unknown software will prevent potentially malicious programs from executing. |
STIG | Date |
---|---|
Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide | 2018-03-07 |
Check Text ( C-78099r1_chk ) |
---|
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\System\ Value Name: EnableSmartScreen Type: REG_DWORD Value: 0x00000002 (2) |
Fix Text (F-85265r2_fix) |
---|
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> File Explorer >> "Configure Windows SmartScreen" to "Enabled" with "Require approval from an administrator before running downloaded unknown software" selected. |