SP13-00-000140 - SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Malicious code protection software must be protected to prevent a non-privileged user or malicious piece of software from disabling the protection mechanism. A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it. Malicious code includes viruses, worms, Trojan horses, and Spyware.

Examples include the capability for non-administrative users to turn off or otherwise disable anti-virus.

Solution

Configure the SharePoint server to prevent non-privileged users from circumventing malicious code protection capabilities.

Navigate to Central Administration.

Click 'Manage web applications'.

Select the web application by clicking its name.

Select 'Blocked File Types' from the ribbon.

Add file types that are defined in the SSP but not in the list of blocked file types.

Click 'Ok'.

Repeat for each web application that has findings.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SharePoint_2013_V2R2_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3), CAT|I, CCI|CCI-002235, Rule-ID|SV-223263r612235_rule, STIG-ID|SP13-00-000140, STIG-Legacy|SV-74417, STIG-Legacy|V-59987, Vuln-ID|V-223263

Plugin: Windows

Control ID: dc137e794d0d7fcdb3db0cfbdb91df4afb20628fdcfcef050f689f9bf1e85e58