CCE-45368-8
Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-04 |
This policy setting allows you to configure behavior monitoring.
If you enable or do not configure this setting, behavior monitoring will be enabled.
If you disable this setting, behavior monitoring will be disabled.
Vulnerability:
Disabling this setting can compromise security as behavior monitoring will be disabled, which may allow a malicious agent to use malware for attacks and may be contrary to your organization's security requirements.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Behavior monitoring can impact performance.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Real-time Protection\Turn on behavior monitoring
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableBehaviorMonitoring
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Real-time Protection\Turn on behavior monitoring
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableBehaviorMonitoring
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 7.0 | Attack Vector: LOCAL |
Exploit Score: 1.0 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
 | Confidentiality: HIGH |
 | Integrity: HIGH |
 | Availability: HIGH |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40338 |