Title

Turn off Managing Phishing filter is not disabled. (Cat II impact)

Discussion

This policy setting allows the user to enable a phishing filter that will warn if the Web site being visited is known for fraudulent attempts to gather personal information through "phishing." If you enable this policy setting, the user will not be prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off. If you select manual mode, the phishing filter performs only local analysis and users are prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addresses not contained on the filter's whitelist will be sent automatically to Microsoft without prompting the user. If you disable or do not configure this policy setting, the user will be prompted to decide the mode of operation for the phishing filter.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing Phishing filter" will be set to “Enabled” and "Off" selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Criteria: If the value Enabled is REG_DWORD = 0, this is not a finding.

Fix Text

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing Phishing filter" will be set to “Enabled” and "Off" selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Criteria: Set the value Enabled to REG_DWORD = 0.

Additional Identifiers

Rule ID: SV-16342r1_rule

Vulnerability ID: V-15495

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.