Title

The Recycle Worker processes in minutes monitor must be set properly. (Cat II impact)

Discussion

A worker process handles all application execution, including authentication and authorization, as well as ISAPI filter and extension loading. This executable process is called W3WP.exe. When acting as the worker process manager, the www service is responsible for controlling the lifetime of all worker processes that are processing requests. The management console allows it to configure options such as when to start or recycle a worker process, how many requests to serve before recycling, and what to do if the worker becomes blocked or unable to continue processing requests.

Check Content

1. Open the IIS Manager > Right click on the Application Pool that corresponds to the website being reviewed > Select Properties > Select the Recycling tab. 2. Ensure the Recycle worker processes (in minutes) check box is checked and the value is set to 1740 or less. If the value is not set properly, this is a finding. NOTE: This vulnerability can be documented locally by the ISSM/ISSO if the site has operational reasons for an increased value. If the ISSM/ISSO has approved this change in writing, this should be marked as not a finding.

Fix Text

1. Open the IIS Manager > Right click on the desired Application Pool > Select Properties > Select the Recycling tab. 2. Ensure the Recycle worker processes (in minutes) check box is checked and set the value to 1740 or less. 3. Press OK.

Additional Identifiers

Rule ID: SV-38134r2_rule

Vulnerability ID: V-13704

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.