CCE-43802-8| Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Disable installing Windows apps on non-system volumes'
This policy setting allows you to manage installing Windows apps on additional volumes such as secondary partitions, USB drives, or SD cards.
If you enable this setting, you can't move or install Windows apps on volumes that are not the system volume.
If you disable or do not configure this setting, you can move or install Windows apps on other volumes.
Counter Measure:
Enable and configure this setting.
Potential Impact:
Users cannot move or install Windows apps on volumes that are not the system volume.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsApp Package DeploymentDisable installing Windows apps on non-system volumes
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsAppxRestrictAppToSystemVolume
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.0 | Attack Vector: LOCAL |
| Exploit Score: 1.0 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35316 |
