CCE-98634-9
Platform: cpe:/o:microsoft:windows_10 | Date: (C)2022-06-20 (M)2023-07-04 |
This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.
If you enable this setting, Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.
If you disable or don't configure this setting, event logs aren't collected from your Application Guard container.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow auditing events in Microsoft Defender Application Guard
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!AuditApplicationGuard
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow auditing events in Microsoft Defender Application Guard
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!AuditApplicationGuard
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 6.2 | Attack Vector: LOCAL |
Exploit Score: 2.5 | Attack Complexity: LOW |
Impact Score: 3.6 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Scope: UNCHANGED |
 | Confidentiality: HIGH |
 | Integrity: NONE |
 | Availability: NONE |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:81724 |