STIGQter STIGQter: STIG Summary: Windows Server 2019 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020: Windows Server 2019 Event Viewer must be protected from unauthorized modification and deletion.

DISA Rule

SV-103283r1_rule

Vulnerability Number

V-93195

Group Title

SRG-OS-000257-GPOS-00098

Rule Version

WN19-AU-000060

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the permissions on the "Eventvwr.exe" file to prevent modification by any groups or accounts other than TrustedInstaller. The default permissions listed below satisfy this requirement:

TrustedInstaller - Full Control
Administrators, SYSTEM, Users, ALL APPLICATION PACKAGES, ALL RESTRICTED APPLICATION PACKAGES - Read & Execute

The default location is the "%SystemRoot%\System32" folder.

Check Contents

Navigate to "%SystemRoot%\System32".

View the permissions on "Eventvwr.exe".

If any groups or accounts other than TrustedInstaller have "Full control" or "Modify" permissions, this is a finding.

The default permissions below satisfy this requirement:

TrustedInstaller - Full Control
Administrators, SYSTEM, Users, ALL APPLICATION PACKAGES, ALL RESTRICTED APPLICATION PACKAGES - Read & Execute

Vulnerability Number

V-93195

Documentable

False

Rule Version

WN19-AU-000060

Severity Override Guidance

Navigate to "%SystemRoot%\System32".

View the permissions on "Eventvwr.exe".

If any groups or accounts other than TrustedInstaller have "Full control" or "Modify" permissions, this is a finding.

The default permissions below satisfy this requirement:

TrustedInstaller - Full Control
Administrators, SYSTEM, Users, ALL APPLICATION PACKAGES, ALL RESTRICTED APPLICATION PACKAGES - Read & Execute

Check Content Reference

M

Target Key

3483

Comments