Title

Indexing of mail items in Exchange folders when Outlook is running in uncached mode must be turned off. (Cat III impact)

Discussion

Indexing of encrypted items may expose sensitive data. This setting prevents mail items in a Microsoft Exchange folder from being indexed when Outlook is running in uncached mode.

Check Content

If Outlook is not installed on the system, this is NA. If Outlook is installed on the system and the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Windows Search\ Value Name: PreventIndexingUncachedExchangeFolders Type: REG_DWORD Value: 1

Fix Text

If Outlook is not installed on the system, this is NA. If Outlook is installed on the system, configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Search -> "Enable indexing uncached Exchange folders" to "Disabled".

Additional Identifiers

Rule ID: SV-16651r2_rule

Vulnerability ID: V-15712

Group Title: Search – Exchange Folder Indexing

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.