CCE-36622-9Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Notify antivirus programs when opening attachments
Antivirus programs are mandatory in many environments and provide a strong defense against attack.
The Notify antivirus programs when opening attachments setting allows you to manage how registered antivirus programs are notified. When enabled, this policy setting configures Windows to call the registered antivirus program and have it scan file attachments when they are opened by users. If the antivirus scan fails, the attachments are blocked from being opened. If this policy setting is disabled, Windows does not call the registered antivirus program when file attachments are opened. To help ensure that virus scanners examine every file before it is opened, Microsoft recommends that this policy setting be configured to Enabled in all environments.
Note An updated antivirus program must be installed for this policy setting to function properly.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: User ConfigurationAdministrative TemplatesWindows ComponentsAttachment Manager!Notify antivirus programs when opening attachments
(2) REG: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments!ScanWithAntiVirus
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.3 | Attack Vector: LOCAL |
Exploit Score: 1.3 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: REQUIRED |
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27576 |