67.6 (L1) Ensure 'Limit Dump Collection' is set to 'Enabled'

Information

This policy setting limits the type of memory dumps that can be collected when more information is needed to troubleshoot a problem.

The recommended state for this setting is: Enabled

Note: Memory dumps are only sent when the device has been configured to send optional diagnostic data. Diagnostic data is limited when the recommendation 'Allow Diagnostic Data' is set to 'Enabled: Diagnostic data off (not recommended)' or 'Enabled: Send required diagnostic data' to send only basic information.

Memory dumps can contain sensitive information. Sending this data to a third-party vendor is a security concern and should only be done on an as-needed basis.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to 'Enabled':

System\Limit Dump Collection

Impact:

Windows Error Reporting is limited to sending kernel mini and user mode triage memory dumps, reducing the risk of sending sensitive information to Microsoft.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2

Plugin: Windows

Control ID: d43e87c7d658f776f4891982967588befafc755fd64d6a53179e7a552e3e66d8