18.9.25.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled'

Information

This setting determines if recommended EMET mitigations are applied to the following software:

- Adobe Acrobat
- Adobe Acrobat Reader
- Microsoft Office suite applications
- Oracle Java
- WordPad

The recommended state for this setting is: Enabled

Applying EMET mitigations to recommended software will help reduce the reliability of exploits that target them.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Windows Components\EMET\Default Protections for Recommended Software

Note: This Group Policy path does not exist by default. An additional Group Policy template ( EMET.admx/adml ) is required - it is included with Microsoft Enhanced Mitigation Experience Toolkit (EMET).

Impact:

EMET mitigations will be applied to the listed recommended software that is installed on the computer.

See Also

https://workbench.cisecurity.org/benchmarks/14291

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16, CSCv7|8.3

Plugin: Windows

Control ID: 5c57b91df0f7fe497ceb0f556ad8f06fe0329581c9dcf7fe7e685d21ac5158c7