18.10.15.7 (L1) Ensure 'Limit Dump Collection' is set to 'Enabled'

Information

This policy setting limits the type of memory dumps that can be collected when more information is needed to troubleshoot a problem.

The recommended state for this setting is: Enabled

Note: Memory dumps are only sent when the device has been configured to send optional diagnostic data. Diagnostic data is limited when recommendation Allow Diagnostic Data is set to Enabled: Diagnostic data off (not recommended) or Enabled: Send required diagnostic data to send only basic information.

Memory dumps can contain sensitive information - sending such data to a third-party vendor is a security concern and should only be done on an as-needed basis.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled

Computer Configuration\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds\Limit Dump Collection

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DataCollection.admx/adml that is included with the Microsoft Windows 11 Release 21H2 Administrative Templates (or newer).

Impact:

Windows Error Reporting will not send full and/or heap memory dumps to Microsoft - they will be limited to kernel mini and/or user mode triage memory dumps (if sending optional diagnostic data is permitted).

See Also

https://workbench.cisecurity.org/benchmarks/17096

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2

Plugin: Windows

Control ID: e28868acf4daf77cd06c30b159ea4e0258ca0a58f8508edf0f38a5ffcb5b89da