Details

This policy setting allows you to configure whether or not Watson events are sent.

The recommended state for this setting is: Disabled.

Rationale:

Watson events are the reports that get sent to Microsoft when a program or service crashes or fails, including the possibility of automatic submission. Preventing this information from being sent can help reduce privacy concerns.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows Defender AntivirusReportingConfigure Watson events

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).

Impact:

Watson events will not be sent to Microsoft automatically when a program or service crashes or fails.

Default Value:

Enabled. (Watson events will be sent to Microsoft automatically when a program or service crashes or fails.)

References:

CCE-36950-4

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2742

This security hardening control applies to the following category of controls within NIST 800-53: Security Assessment and Authorization.This control applies to the following type of system Windows.

References

• 800-53|CA-7
• CSCv6|13
• CSCv7|13.3

Source

• Tenable.com/audits