Do not process the legacy run listID: oval:org.secpod.oval:def:35336 | Date: (C)2016-06-10 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This policy setting ignores the customized run list.
You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.
If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.
If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.
This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
Note: To create a customized run list by using a policy setting, use the ""Run these applications at startup"" policy setting.
Also, see the ""Do not process the run once list"" policy setting.
Counter Measure:
Configure the Do not process the legacy run list setting to Enabled.
Potential Impact:
If you enable this setting, certain computer programs such as antivirus software and software distribution and monitoring software are also prevented from execution. You should evaluate the threat level to your environment that this setting is designed to safeguard against before you decide on a strategy to use this setting for your organization.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Logon\Do not process the legacy run list
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRun
Platform: |
Microsoft Windows 10 |