CCE-36961-1| Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Turn on reparse point scanning
This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this is the recommended state for this functionality.
If you enable this setting, reparse point scanning will be enabled.
If you disable or do not configure this setting, reparse point scanning will be disabled.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows DefenderScan!Turn on reparse point scanning
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows DefenderScan!DisableReparsePointScanning
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 5.5 | Attack Vector: LOCAL |
| Exploit Score: 1.8 | Attack Complexity: LOW |
| Impact Score: 3.6 | Privileges Required: LOW |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | Scope: UNCHANGED |
| | Confidentiality: NONE |
| | Integrity: NONE |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27728 |
