UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows SmartScreen must be configured to require approval from an administrator before running downloaded unknown software on Windows 2012/2012 R2.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36707 WN12-CC-000088 SV-51747r3_rule Medium
Description
Windows SmartScreen helps protect systems from programs downloaded from the internet that may be malicious. Requiring administrator approval before running unknown software will prevent potentially malicious programs from executing.
STIG Date
Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide 2018-03-07

Details

Check Text ( C-78099r1_chk )
If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\System\

Value Name: EnableSmartScreen

Type: REG_DWORD
Value: 0x00000002 (2)
Fix Text (F-85265r2_fix)
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> File Explorer >> "Configure Windows SmartScreen" to "Enabled" with "Require approval from an administrator before running downloaded unknown software" selected.