CCE-97688-6 | Platform: cpe:/o:microsoft:windows_server_2022:::x64 | Date: (C)2022-06-07 (M)2023-07-04 |
This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and exclusions.
If you enable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group Policy settings will override preference settings.
If you disable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator.
Countermeasure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Items defined by Group Policy will be used in the resulting effective policy and will override preference settings configured by the local administrator, which may affect the expected device behavior and/or user experience.
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Configure local administrator merge behavior for lists
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender!DisableLocalAdminMerge
| CCSS Severity | | CCSS Metrics | |
|---|---|---|---|
| CCSS Score | 7.0 | Attack Vector | LOCAL |
| Exploit Score | 1.0 | Attack Complexity | HIGH |
| Impact Score | 5.9 | Privileges Required | LOW |
| Severity | HIGH | User Interaction | NONE |
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope | UNCHANGED |
| | | Confidentiality | HIGH |
| | | Integrity | HIGH |
| | | Availability | HIGH |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80908 |