STIGQter: STIG Summary: Microsoft OneDrive Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 13 Nov 2020: STIGQter: STIG Summary: Microsoft OneDrive Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 13 Nov 2020:SV-230563r569322_rule
V-230563
SRG-APP-000516
DTOO606
CAT II
10
Ensure the following mitigations are configured for OneDrive.exe:
DEP:
Override DEP: False
ASLR:
ForceRelocateImages: NOTSET
ImageLoad:
OverrideBlockRemoteImages: False
Payload:
OverrideExportAddressFilter: False
OverrideExportAddressFilterPlus: False
OverrideImportAddressFilter: False
OverrideEnableRopStackPivot: False
OverrideEnableRopCallerCheck: False
OverrideEnableRopSimExec: False
Application mitigations defined in the STIG are configured by a DoD EP XML file included with the Windows 10 STIG package in the "Supporting Files" folder.
The XML file is applied with the group policy setting Computer Configuration >> Administrative Settings >> Windows Components >> Windows Defender Exploit Guard >> Exploit Protection >> "Use a common set of exploit protection settings" configured to "Enabled" with file name and location defined under "Options:". It is recommended the file be in a read-only network location.
This is NA prior to v1709 of Windows 10.
This is applicable to unclassified systems. For other systems, this is NA.
Run "Windows PowerShell" with elevated privileges (run as administrator).
Enter "Get-ProcessMitigation -Name OneDrive.exe".
(Get-ProcessMitigation can be run without the -Name parameter to get a list of all application mitigations configured.)
If the following mitigations do not have the listed status shown below, this is a finding:
DEP:
Override DEP: False
ASLR:
ForceRelocateImages: NOTSET
ImageLoad:
OverrideBlockRemoteImages: False
Payload:
OverrideExportAddressFilter: False
OverrideExportAddressFilterPlus: False
OverrideImportAddressFilter: False
OverrideEnableRopStackPivot: False
OverrideEnableRopCallerCheck: False
OverrideEnableRopSimExec: False
The PowerShell command produces a list of mitigations; only those with a required status are listed here. If the PowerShell command does not produce results, ensure the letter case of the filename within the command syntax matches the letter case of the actual filename on the system.
V-230563
False
DTOO606
This is NA prior to v1709 of Windows 10.
This is applicable to unclassified systems. For other systems, this is NA.
Run "Windows PowerShell" with elevated privileges (run as administrator).
Enter "Get-ProcessMitigation -Name OneDrive.exe".
(Get-ProcessMitigation can be run without the -Name parameter to get a list of all application mitigations configured.)
If the following mitigations do not have the listed status shown below, this is a finding:
DEP:
Override DEP: False
ASLR:
ForceRelocateImages: NOTSET
ImageLoad:
OverrideBlockRemoteImages: False
Payload:
OverrideExportAddressFilter: False
OverrideExportAddressFilterPlus: False
OverrideImportAddressFilter: False
OverrideEnableRopStackPivot: False
OverrideEnableRopCallerCheck: False
OverrideEnableRopSimExec: False
The PowerShell command produces a list of mitigations; only those with a required status are listed here. If the PowerShell command does not produce results, ensure the letter case of the filename within the command syntax matches the letter case of the actual filename on the system.
M
4015