CCE-98637-2Platform: cpe:/o:microsoft:windows_10 | Date: (C)2022-06-20 (M)2023-07-04 |
This policy setting determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.
If you enable this setting, people can save downloaded files from the Microsoft Defender Application Guard container to the host operating system.
If you disable or don't configure this setting, people can't save downloaded files from the Microsoft Defender Application Guard container to the host operating system.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Defender Application GuardAllow files to download and save to the host operating system from Microsoft Defender Application Guard
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftAppHVSI!SaveFilesToHost
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow files to download and save to the host operating system from Microsoft Defender Application Guard
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!SaveFilesToHost
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.3 | Attack Vector: NETWORK |
Exploit Score: 2.8 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:81727 |