Title

Network prediction must be disabled. (Cat II impact)

Discussion

Enables network prediction and prevents users from changing this setting. This controls DNS prefetching, TCP and SSL pre-connection, and pre-rendering of web pages. If this policy is not configured, network prediction is enabled but the user can change it. Policy options mapping: - NetworkPredictionAlways (0) = Predict network actions on any network connection. - NetworkPredictionWifiOnly (1) = Not supported; if this value is used it will be treated as if "Predict network actions on any network connection" (0) was set. - NetworkPredictionNever (2) = Do not predict network actions on any network connection.

Check Content

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable network prediction" must be set to "Enabled" with the option value set to "Don't predict network actions on any network connection". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for NetworkPredictionOptions is not set to "REG_DWORD = 2", this is a finding.

Fix Text

Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable network prediction" to "Enabled" with the option value set to "Don't predict network actions on any network connection".

Additional Identifiers

Rule ID: SV-235728r879587_rule

Vulnerability ID: V-235728

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.