(NG) Ensure ‘Allow auditing events in Windows Defender Application Guard’ is set to ‘Enabled’
Details This policy setting allows you to decide whether auditing events can be collected from Windows Defender Application Guard (Application...
- Home
- Security Hardening
- CIS Microsoft Windows 10 Enterprise Release 1803 V1.5.0 L2 Next Generation
CIS Microsoft Windows 10 Enterprise Release 1803 V1.5.0 L2 Next Generation
(NG) Ensure ‘Allow data persistence for Windows Defender Application Guard’ is set to ‘Disabled’
Details This policy setting allows you to decide whether data should persist across different sessions in Windows Defender Application Guard...(NG) Ensure ‘Allow files to download and save to the host operating system from Windows Defender Application Guard’ is set to ‘Disabled’
Details This policy setting determines whether to save downloaded files to the host operating system from the Windows Defender Application...(NG) Ensure ‘Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting’ is set to ‘Enabled: Enable clipboard operation from an isolated session to the host’
Details This policy setting allows you to decide how the clipboard behaves while in Windows Defender Application Guard (Application Guard)....(NG) Ensure ‘Turn On Virtualization Based Security: Credential Guard Configuration’ is set to ‘Enabled with UEFI lock’
Details This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials. The ‘Enabled with UEFI...(NG) Ensure ‘Turn On Virtualization Based Security’ is set to ‘Enabled’
Details This policy setting specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide...(NG) Ensure ‘Turn On Virtualization Based Security: Require UEFI Memory Attributes Table’ is set to ‘True (checked)’
Details This option will only enable Virtualization Based Protection of Code Integrity on devices with UEFI firmware support for the...(NG) Ensure ‘Turn On Virtualization Based Security: Select Platform Security Level’ is set to ‘Secure Boot and DMA Protection’
Details This policy setting specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide...(NG) Ensure ‘Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity’ is set to ‘Enabled with UEFI lock’
Details This setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled, kernel mode memory protections...(NG) Ensure ‘Turn on Windows Defender Application Guard in Enterprise Mode’ is set to ‘Enabled’
Details This policy setting enables application isolation through Windows Defender Application Guard (Application Guard). The recommended state for this setting...