CCE-38378-6Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Process Exclusions for outbound traffic
This policy setting defines processes from which outbound network traffic will not be inspected. Process names should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a process path and name. As an example, a process might be defined as: 'C:WindowsSystem32App.exe' . The value is not used and it is recommended that this be set to 0.
If you enable this setting, inspection of outbound network for the specified processes will not be performed.
If you disable or do not configure this setting, inspection of outbound traffic will be performed for all processes.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows DefenderNetwork Inspection System Exclusions!Process Exclusions for outbound traffic
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows DefenderNISConsumersIPSExclusionsProcesses!Nis_Consumers_IPS_Exclusions_Processes_executable_Path_and_Name
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.6 | Attack Vector: LOCAL |
Exploit Score: 0.3 | Attack Complexity: HIGH |
Impact Score: 4.2 | Privileges Required: HIGH |
Severity: MEDIUM | User Interaction: REQUIRED |
Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:28597 |