CCE-98660-4
Platform: cpe:/o:microsoft:windows_10 | Date: (C)2022-07-05 (M)2023-07-04
This policy setting allows you to configure required actions and validations that enable users to trust files that open in Application Guard. Upon successful completion, the files will open on the host.
If you enable this setting, you must select one or more of the following:
0. Do not allow users to manually trust files: Users will not be given the option to trust files.
1. Allow users to manually trust files: Users can open UI in Windows that enables them to explicitly trust selected files.
2. Allow users to manually trust after an antivirus check: Users can open UI in Windows that enables them to explicitly trust selected files. The files are trusted only after they are cleared by the antivirus program that is installed on the user's device.
If you disable or don't configure this setting, users will not be able to trust files that open in Application Guard.
Configure required actions and validations that must be completed by an end-user to promote an untrusted file and open, view, and edit it on the user's device.
0. Do not allow users to manually trust files
1. Allow users to manually trust files
2. Allow users to manually trust files after an antivirus check
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!FileTrustCriteria
Parameter:
[Do not allow users to manually trust files/Allow users to manually trust files/Allow users to manually trust after an antivirus check]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!FileTrustCriteria
CCSS Severity:
CCSS Score: 7.5
Exploit Score: 1.6
Impact Score: 5.9
Severity: HIGH
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:81840 |