Detections
Analytics

45.36 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'

Information

This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to:

 - %ProgramFiles%
 - %windir%
 - %windir%\System32
 - HKLM\SOFTWARE

The recommended state for this setting is: Enabled

This setting reduces vulnerabilities by ensuring that legacy applications only write data to permitted locations.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled :

Local Policies Security Options\User Account Control: Virtualize file and registry write failures to per-user locations

Impact:

None - this is the default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-29(1)

Plugin: Windows

Control ID: 9efcc0830afe542012b7fbb44bfd86c12f37746558d2ba7d4272e61db69accfc