18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - java.exe

Information

This setting determines if recommended EMET mitigations are applied to the following software:
- Adobe Acrobat
- Adobe Acrobat Reader
- Microsoft Office suite applications
- Oracle Java
- WordPad
The recommended state for this setting is: Enabled.

Rationale:
Applying EMET mitigations to recommended software will help reduce the reliability of exploits that target them.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\Windows Components\EMET\Default Protections for Recommended Software
Note: This Group Policy path does not exist by default. An additional Group Policy template (EMET.admx/adml) is required - it is included with Microsoft Enhanced Mitigation Experience Toolkit (EMET).

Impact:
EMET mitigations will be applied to the listed recommended software that is installed on the computer.

Default Value:
User configured.

References:
1. CCE-35479-5

See Also

https://workbench.cisecurity.org/benchmarks/14249

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SC-39, 800-53|SI-16, CSCv6|8.4, CSCv7|8.3

Plugin: Windows

Control ID: e4d0a790cb57eacd400f5192cbb71a3e8edd56c15d3f850ef3d2b81f0639d501