5.4 (L2) Ensure 'Downloaded Maps Manager (MapsBroker)' is set to 'Disabled'

Information

Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps.

Mapping technologies can unwillingly reveal your location to attackers and other software that picks up the information. In addition, automatic downloads of data from third-party sources should be minimized when not needed. Therefore, this service should not be needed in high security environments.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Downloaded Maps Manager

Impact:

Applications will be prevented from accessing maps data.

See Also

https://workbench.cisecurity.org/benchmarks/16515