Detections
Analytics

18.10.3.3 Ensure 'Turn off Install Tracing' is set to 'Enabled'

Information

This policy setting determines if Install Tracing data is sent to Microsoft. Install Tracing tracks application installs to help diagnose compatibility problems.

The recommended state for this setting is: Enabled.

In high-security environments, data must never be shared with third-parties without explicit consent, as it may contain sensitive information.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\App and Device Inventory\Turn off Install Tracing

Note: This Group Policy path is provided by the Group Policy template AppDeviceInventory.admx/adml that is included with the Microsoft Windows 11 Release 24H2 Administrative Templates (or newer).

Impact:

Data from Install Tracing sampling will not be sent to Microsoft.

See Also

https://workbench.cisecurity.org/benchmarks/26296

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: c67ebdd79b23a3bed8039625859276de066a10a15709b0af37d229af2c79b489