Shutdown: Clear virtual memory pagefileID: oval:org.secpod.oval:def:35422 | Date: (C)2016-06-10 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile.
When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
Default: Disabled.
Counter Measure:
Enable the Clear virtual memory page file when system shuts down setting. This configuration causes Windows Server 2003 to clear the page file when the computer is shut down. The amount of time that is required to complete this process depends on the size of the page file. It could be several minutes before the computer completely shuts down.
Potential Impact:
It will take longer to shut down and restart the server, especially on servers with large paging files. For a server with 2 gigabytes (GB) of RAM and a 2-GB paging file, this policy setting could increase the shutdown process by 20 to 30 minutes, or more. For some organizations, this downtime violates their internal service level agreements. Therefore, use caution before you implement this countermeasure in your environment.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory pagefile
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management!ClearPageFileAtShutdown
Platform: |
Microsoft Windows 10 |