CSCv7|7.2

Title

Disable Unnecessary or Unauthorized Browser or Email Client Plugins

Description

Uninstall or disable any unauthorized browser or email client plugins or add-on applications.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Email and Web Browser Protections

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.1 (L1) Ensure 'Allow add-on installs from websites' is set to 'Disabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.12.1 (L1) Ensure 'Activate Flash on websites' is set to 'Disabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.18.7 (L1) Ensure 'extensions.blocklist.enabled' is set to 'Enabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.23.1 (L1) Ensure 'Extension Recommendations' is set to 'Disabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.4.1 (L2) Ensure 'Allow read access via the File System API on these sites' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.1 (L2) Ensure 'Allow read access via the File System API on these sites' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.4.4 (L2) Ensure 'Control use of JavaScript JIT' is set to 'Enabled: Do not allow any site to run JavaScript JIT'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.4 (L2) Ensure 'Control use of JavaScript JIT' is set to 'Enabled: Do not allow any site to run JavaScript JIT'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.4.5 (L2) Ensure 'Control use of the File System API for reading' is set to 'Enabled: Don't allow any site to request read access to files and directories via the File System API'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.4.5 (L2) Ensure 'Control use of the File System API for reading' is set to 'Enabled: Don't allow any site to request read access to files and directories via the File System API'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.6 (L1) Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories'	Windows	CIS Microsoft Edge v4.0.0 L1
1.4.6 (L1) Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.4.7 (L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.4.7 (L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.8 (L2) Ensure 'Control use of the WebHID API' is set to 'Enabled: Do not allow any site to request access to HID devices via the WebHID API'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.8 (L2) Ensure 'Control use of the WebHID API' is set to 'Enabled: Do not allow any site to request access to HID devices via the WebHID API'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.9.1 (L1) Ensure 'Configure users ability to override feature flags' is set to 'Enabled: Prevent users from overriding feature flags'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.9.1 (L1) Ensure 'Configure users ability to override feature flags' is set to 'Enabled: Prevent users from overriding feature flags'	Windows	CIS Microsoft Edge v4.0.0 L1
1.10.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled'	Windows	CIS Microsoft Edge v4.0.0 L1
1.10.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.10.2 (L2) Ensure 'Configure extension management settings' is set to 'Enabled: { '*': {'installation_mode': 'blocked' }}'	Windows	CIS Microsoft Edge v4.0.0 L2
1.10.2 (L2) Ensure 'Configure extension management settings' is set to 'Enabled: { '*': {'installation_mode': 'blocked' }}'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.18 (L1) Ensure 'Enable security warnings for command-line flags' is set to 'Enabled'	Windows	CIS Google Chrome L1 v3.0.0
1.45 (L1) Ensure 'Allow managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L1
1.45 (L1) Ensure 'Allow managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.51 (L1) Ensure 'Allow remote debugging' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L1
1.51 (L1) Ensure 'Allow remote debugging' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.53 (L2) Ensure 'Allow unconfigured sites to be reloaded in Internet Explorer mode' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L2
1.53 (L2) Ensure 'Allow unconfigured sites to be reloaded in Internet Explorer mode' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.60 (L2) Ensure 'AutoLaunch Protocols Component Enabled' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L2
1.60 (L2) Ensure 'AutoLaunch Protocols Component Enabled' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.62 (L1) Ensure 'Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.62 (L1) Ensure 'Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L1
1.79 (L2) Ensure 'Control use of the Serial API' is set to 'Enable: Do not allow any site to request access to serial ports via the Serial API'	Windows	CIS Microsoft Intune for Edge v1.0.0 L2
1.80 (L2) Ensure 'Control use of the Serial API' is set to 'Enable: Do not allow any site to request access to serial ports via the Serial API'	Windows	CIS Microsoft Edge v4.0.0 L2
1.107 (L1) Ensure 'Enable upload files from mobile in Microsoft Edge desktop' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.108 (L1) Ensure 'Enable upload files from mobile in Microsoft Edge desktop' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L1
1.126 (L1) Ensure 'Show the Reload in Internet Explorer mode button in the toolbar' is set to 'Disabled'	Windows	CIS Microsoft Intune for Edge v1.0.0 L1
1.127 (L1) Ensure 'Show the Reload in Internet Explorer mode button in the toolbar' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L1
18.10.57.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v4.0.0 L1
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v4.0.0 L1 DC
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1
18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v4.0.0 L1 MS

Detections

Analytics

CSCv7|7.2

Title

Description

Reference Item Details

Audit Items