[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-42506-6

Platform: cpe:/o:microsoft:windows_10Date: (C)2016-09-23   (M)2023-07-04



Disable: 'Enable Protected Event Logging' This policy setting lets you configure Protected Event Logging. If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypted with. If you disable or do not configure this policy setting, components will not encrypt event log messages before writing them to the event log. Counter Measure: Enable and configure this setting depending on your organization's requirements. Potential Impact: Some users may not be able to access the event log.


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsEvent LoggingEnable Protected Event Logging

CCSS Severity:CCSS Metrics:
CCSS Score : 5.6Attack Vector: LOCAL
Exploit Score: 0.8Attack Complexity: LOW
Impact Score: 4.7Privileges Required: HIGH
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:LScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35121


OVAL    1
oval:org.secpod.oval:def:35121
XCCDF    3
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
xccdf_org.secpod_benchmark_general_Windows_10

© SecPod Technologies