An error occurred:

Check: DTBI740-IE11

Microsoft Internet Explorer 11 STIG: DTBI740-IE11 (in versions v2 r5 through v1 r11)

Title

Managing SmartScreen Filter use must be enforced. (Cat II impact)

Discussion

This setting is important from a security perspective because Microsoft has extensive data illustrating the positive impact the SmartScreen filter has had on reducing the risk of malware infection via visiting malicious websites. This policy setting allows users to enable the SmartScreen Filter, which will warn if the website being visited is known for fraudulent attempts to gather personal information through 'phishing' or is known to host malware. If you enable this setting the user will not be prompted to enable the SmartScreen Filter. It must be specified which mode the SmartScreen Filter uses: On or Off. If the feature is On, all website addresses not contained on the filters allow list, will be sent automatically to Microsoft without prompting the user. If this feature is set to Off, the feature will not run. If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.

Check Content

If the system is on the SIPRNet, this requirement is NA. The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> "Prevent Managing SmartScreen Filter" must be "Enabled", and "On" selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Criteria: If the value "EnabledV9" is "REG_DWORD = 1", this is not a finding.

Fix Text

If the system is on the SIPRNet, this requirement is NA. Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> "Prevent Managing SmartScreen Filter" to "Enabled", and select "On" from the drop-down box.

Additional Identifiers

Rule ID: SV-223125r879627_rule

Vulnerability ID: V-223125

Group Title: SRG-APP-000206

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001166

The information system identifies organization-defined unacceptable mobile code.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-18 (1)

Identify Unacceptable Code / Take Corrective Actions