5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'

Information

This service maintains an updated list of computers on the network and supplies this list to computers designated as browsers.
The recommended state for this setting is: Disabled or Not Installed.
Note: In Windows 8.1 and Windows 10, this service is bundled with the SMB 1.0/CIFS File Sharing Support optional feature. As a result, removing that feature (highly recommended unless backward compatibility is needed to XP/2003 and older Windows OSes; see "Stop using SMB1 | Storage at Microsoft") will also remediate this recommendation. The feature is not installed by default starting with Windows 10 R1709.

Rationale:
This is a legacy service - its sole purpose is to maintain a list of computers and their network shares in the environment (i.e. 'Network Neighborhood'). If enabled, it generates a lot of unnecessary traffic, including 'elections' to see who gets to be the 'master browser'. This noisy traffic could also aid malicious attackers in discovering online machines, because the service also allows anyone to 'browse' for shared resources without any authentication. This service used to be running by default in older Windows versions (e.g. Windows XP), but today it only remains for backward compatibility for very old software that requires it.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled or ensure the service is not installed.
Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Computer Browser

Impact:
The list of computers and their shares on the network will not be updated or maintained.

Default Value:
Windows 7: Manual
Windows 8 through Windows 10 R1703: Manual (Trigger Start)
Windows 10 R1709 and newer: Not Installed (Manual (Trigger Start) when installed)
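
A local check for the recommended state, added here as an example and not part of the benchmark text. It reads the service's `Start` value from the standard Services registry key (4 = Disabled; a missing key means the service is not installed) and reports the state of the SMB 1.0/CIFS optional feature (`SMB1Protocol`); the function names are hypothetical.

```powershell
# Added example: audit the Computer Browser (Browser) service on the local machine.
function Test-BrowserServiceCompliance {
    [CmdletBinding()]
    param(
        # Standard location of the service definition (service short name: Browser)
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Browser'
    )

    if (-not (Test-Path -LiteralPath $ServiceKey)) {
        # No service key: the service is not installed, which the recommendation accepts.
        return [pscustomobject]@{ State = 'Not Installed'; Compliant = $true }
    }

    # Service start types as stored in the Start DWORD
    $names = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    $start = (Get-ItemProperty -LiteralPath $ServiceKey -Name Start -ErrorAction SilentlyContinue).Start

    $state = if ($null -ne $start -and $names.ContainsKey([int]$start)) {
        $names[[int]$start]
    } else {
        'Unknown'
    }

    # Only Disabled (4) passes when the service is present; Manual (Trigger Start) is stored as 3.
    [pscustomobject]@{ State = $state; Compliant = ($start -eq 4) }
}

function Get-Smb1FeatureState {
    # The Browser service ships with the SMB 1.0/CIFS optional feature on Windows 8.1/10.
    # Get-WindowsOptionalFeature requires an elevated session.
    try {
        [string](Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop).State
    } catch {
        'Unknown (query failed; run elevated)'
    }
}

$result = Test-BrowserServiceCompliance
$result | Add-Member -NotePropertyName Smb1Feature -NotePropertyValue (Get-Smb1FeatureState)
$result | Format-List
```

A result of `Manual` with `Smb1Feature` reported as `Enabled` matches the pre-R1709 default listed above and fails the check.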

See Also

https://workbench.cisecurity.org/benchmarks/14249

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv6|9.1, CSCv7|9.2

Plugin: Windows

Control ID: 5d8508bb74d7661d02970c43f4b91a5b69bdff4aa4216d47d4fb1753567b5177