18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'

Information

This policy setting specifies whether to enable or disable tracking of responsiveness events.

The recommended state for this setting is: Disabled.

Rationale:

When enabled the aggregated data of a given event will be transmitted to Microsoft. The option exists to restrict this feature for a specific user, set the consent level, and designate specific programs for which error reports could be sent. However, centrally restricting the ability to execute PerfTrack to limit the potential for unauthorized or undesired usage, data leakage, or unintentional communications is highly recommended.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template PerformancePerftrack.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

Impact:

Responsiveness events are not processed.

Default Value:

Enabled. (Responsiveness events are processed and aggregated. The aggregated data will be transmitted to Microsoft through SQM.)

References:

CCE-36648-4

See Also

https://workbench.cisecurity.org/files/2742

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION

References: 800-53|CA-7, CSCv6|13, CSCv7|13.3

Plugin: Windows

Control ID: 1806066a0b6aa2a3cec6363aa029bc25a0ae7e50d560ac2ab4307a0952eff03d