
CCE-44468-7

Platform: win2016
Date: (C)2017-08-03   (M)2018-04-10



"Boot-Start Driver Initialization Policy"

This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:

- Good: The driver has been signed and has not been tampered with.
- Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.
- Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.
- Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.

If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started. If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.

If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.

Vulnerability: This policy setting helps reduce the impact of malware that has already infected your system.

Counter Measure: Enable this policy setting and then select Good and Unknown.

Potential Impact: If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started. If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.


Parameter:


Technical Mechanism: Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Early Launch Antimalware
(2) REG: No Registry Info

References:

Resource Id                   Reference
SCAP Repo OVAL Definition     oval:org.secpod.oval:def:40198


OVAL    1
oval:org.secpod.oval:def:40198
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2016

© 2013 SecPod Technologies