19.7.44.2.1 (L1) Ensure 'Prevent Codec Download' is set to 'Enabled'

Information

This setting controls whether Windows Media Player is allowed to download additional codecs for decoding media files it does not already understand.

The recommended state for this setting is: Enabled

This has some potential for risk if a malicious data file is opened in Media Player that requires an additional codec to be installed. If a special codec is required for a necessary job function, then that codec should first be tested to ensure it is legitimate, and it should be supplied by the IT department in the organization.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

User Configuration\Policies\Administrative Templates\Windows Components\Windows Media Player\Playback\Prevent Codec Download

Note: This Group Policy path is provided by the Group Policy template WindowsMediaPlayer.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Impact:

Windows Media Player is prevented from automatically downloading codecs to your computer. In addition, the

Download codecs automatically

check box on the Player tab in the Player is not available.

See Also

https://workbench.cisecurity.org/benchmarks/17610

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Windows

Control ID: dc013d2651fbde1f3eb8453df8007c51bfb5d04db81511722e5fb6ed8a3c3c66