1.2.1.12 Ensure 'Add-on Management' is set to Enabled - exprwd.exe

Information

Add-on Management. The recommended state for this setting is: Enabled.(Check: groove.exe, excel.exe, mspub.exe, powerpnt.exe, pptview.exe, visio.exe, winproj.exe, outlook.exe, spDesign.exe, exprwd.exe, msaccess.exe, onent.exe, mse7.exe) Internet Explorer add-ons are pieces of code that run in Internet Explorer to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring this setting could allow malicious code or users to become active on user computers or the network. For example, a malicious user can monitor and then use keystrokes that a user types into Internet Explorer. Even legitimate add-ons may demand resources that compromise the performance of Internet Explorer and the operating systems of user computers.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. Computer Configuration\Administrative Templates\Microsoft Office 2016 (Machine)\Security Settings\IE Security\Add-on Management Impact: Some legitimate programs, including ones from Microsoft, use add-ons to display documents, audio, and video in Internet Explorer. The organization's Group Policy should incorporate approved, commonly-used add-ons to avoid limiting important user functionality.

See Also

https://workbench.cisecurity.org/files/571

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Windows

Control ID: cab6f208c29b66cbbab5b8888aafdcfc23fca7597aa7d8c09987b7d1b987d2a8