1.40 Ensure 'Allow remote debugging' is set to 'Disabled'

Information

This policy setting controls whether users may use remote debugging. This features allows remote debugging of live content on a Windows 10 or later device from a Windows or macOS computer.

The recommended state for this setting is: Disabled.

Rationale:

Disabling remote debugging enhances security and protects applications from unauthorized access. Some attack tools can exploit this feature to extract information, or to insert malicious code.

Impact:

Users will not be able access the remote debugging feature in Microsoft Edge.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow remote debugging

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

Enabled. (Users may use remote debugging by specifying --remote-debug-port and --remote-debugging-pipe command line switches.)

See Also

https://workbench.cisecurity.org/files/4094

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18, CSCv7|7.2

Plugin: Windows

Control ID: 6ccce2fc6f94c3f973778896588b8468edc065cb5f0fec8d7b40e03be975e1ec