CCE-98646-3Platform: cpe:/o:microsoft:windows_10 | Date: (C)2022-07-05 (M)2023-07-04 |
This policy setting allows you to decide how the clipboard behaves while in Microsoft Defender Application Guard.
If you enable this setting, you must choose from the following behaviors:
- Disable clipboard functionality completely between the host and Application Guard
- Enable the clipboard to copy content from Application Guard to the host
- Enable the clipboard to copy content from the host to Application Guard.
Note:
We recommend that you don't enable copying from the host to Application Guard. If you enable this functionality, a potentially compromised Application Guard session will have access to the host device's clipboard and its content.
If you choose to enable copying, you must also choose the type of content that can be copied, by using the content options:
- 1. Allows text copying.
- 2. Allows image copying.
- 3. Allows both text and image copying.
If you disable or don't configure this setting, all clipboard functionality is turned off in Application Guard.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Defender Application GuardConfigure Microsoft Defender Application Guard clipboard settings
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftAppHVSI!AppHVSIClipboardSettings
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftAppHVSI!AppHVSIClipboardFileType
Parameter:
[Block clipboard operations/Enable clipboard operation from an isolated session to the host/Enable clipboard operation from an host to the isolated session/Enable clipboard operation both directions, Allows text copying/Allows image copying/Allows both text and image copying]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Configure Microsoft Defender Application Guard clipboard settings
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!AppHVSIClipboardSettings
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!AppHVSIClipboardFileType
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.8 | Attack Vector: LOCAL |
Exploit Score: 1.1 | Attack Complexity: HIGH |
Impact Score: 6.0 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:81827 |