security benchmark score details - home | norton … the belarc advisor. your computer profile was...
TRANSCRIPT
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 1/16
The license associated with the Belarc Advisor product allows for free personal use only. Use oncomputers in a corporate, educational, military or government installation is prohibited. See thelicense agreement for details. The information on this page was created locally on your computerby the Belarc Advisor. Your computer profile was not sent to a web server.
About Belarc
SystemManagementProducts
Back toProfileSummary
Click anybenchmarksetting at rightfordocumentation.
Security Benchmark Score DetailsComputer Name: acer-PC (in WORKGROUP)
Profile Date: 07 July 2014 14:11:38Advisor Version: 8.4Windows Logon: acer
Click here for Belarc's security products,
for large and small companies.
Score: 0.63 of 10 (more on this score...) = Pass = FailBenchmark: USGCB - Windows 7, Version 1.0.1.0
Account Lockout Policy Settings Section Score: 0.63 of 0.63
1. Account Lockout Duration (CCE-9308)
2. Account Lockout Threshold (CCE-9136)
3. Reset Account Lockout Counter After (CCE-9400)
Password Policy Settings Section Score: 0.00 of 0.63
1. Enforce Password History (CCE-8912)
2. Maximum Password Age (CCE-9193)
3. Minimum Password Age (CCE-9330)
4. Minimum Password Length (CCE-9357)
5. Password Complexity (CCE-9370)
6. Reversible Password Encryption (CCE-9260)
User Rights Assignments Section Score: 0.00 of 0.63
1. Access This Computer From The Network (CCE-9253)
2. Act As Part Of The Operating System (CCE-9407)
3. Adjust Memory Quotas For A Process (CCE-9068)
4. Log On Locally (CCE-9345)
5. Log On Through Terminal Services (CCE-9107)
6. Back Up Files and Directories (CCE-9389)
7. Bypass Traverse Checking (CCE-8414)
8. Change the System Time (CCE-8612)
9. Change the time zone (CCE-8423)
10. Create A Pagefile (CCE-9185)
11. Create A Token Object (CCE-9215)
12. Create Global Objects (CCE-8431)
13. Create Permanent Shared Objects (CCE-9254)
Why are securitybenchmarks importantfor IT security? Manycurrent threats are notstopped by perimetersecurity systems suchas firewall and anti-virus systems. Settingand monitoringconfigurations based onconsensus benchmarksis a critical stepbecause this is a pro-active way to avoidmany successfulattacks. The U.S.National SecurityAgency has found thatconfiguring computerswith proper securitysettings blocks 90% ofthe existing threats("Security Benchmarks:A Gold Standard."IA Newsletter,vol. 5 no. 3 Click hereto view) To request acopy of our white paper,"Securing theEnterprise", click here.
What is the USGCBBenchmark? TheUnited StatesGovernmentConfiguration Baseline(USGCB) is a USGovernment OMB-mandated securityconfiguration forWindows 7 and InternetExplorer 8. Developedby DoD, with NISTassistance, thebenchmark is theproduct of DoDconsensus. Click herefor details.
What are FDCCBenchmarks? TheFederal Desktop CoreConfiguration (FDCC) isa US Government OMB-mandated securityconfiguration forWindows Vista and XP. The Windows VistaFDCC is based on DoDcustomization of theMicrosoft SecurityGuides for bothWindows Vista andInternet Explorer 7.0. Microsoft's Vista
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 2/16
14. Create symbolic links (CCE-8460)
15. Debug Programs (CCE-8583)
16. Deny Access To This Computer From The Network (CCE-9244)
17. Deny Logon As A Batch Job (CCE-9212)
18. Deny Logon As A Service (CCE-9098)
19. Deny Logon Locally (CCE-9239)
20. Deny Logon Through Remote Desktop Services (CCE-9274)
21. Force Shutdown From A Remote System (CCE-9336)
22. Generate Security Audits (CCE-9226)
23. Impersonate a Client After Authentication (CCE-8467)
24. Increase a Process Working Set (CCE-9048)
25. Increase Scheduling Priority (CCE-8999)
26. Load And Unload Device Drivers (CCE-9135)
27. Lock Pages In Memory (CCE-9289)
28. Log On As A Batch Job (CCE-9320)
29. Log On As A Service (CCE-9461)
30. Manage Auditing And Security Log (CCE-9223)
31. Modify an object label (CCE-9149)
32. Modify Firmware Environment Values (CCE-9417)
33. Perform Volume Maintenance Tasks (CCE-8475)
34. Profile Single Process (CCE-9388)
35. Profile System Performance (CCE-9419)
36. Remove Computer From Docking Station (CCE-9326)
37. Replace A Process Level Token (CCE-8732)
38. Restore Files And Directories (CCE-9124)
39. Shut Down The System (CCE-9014)
40. Take Ownership Of Files Or Other Objects" (CCE-9309)
Security Options Settings Section Score: 0.00 of 0.63
1. Accounts: Administrator account status (CCE-9199)
2. Accounts: Guest account status (CCE-8714)
3.Accounts: Limit local account use to blank passwords to
console logon only (CCE-9418)
4. Accounts: Rename administrator account (CCE-8484)
5. Accounts: Rename guest account (CCE-9229)
6. Audit: Audit the access of global system objects (CCE-9150)
7.Audit: Audit the use of Backup and Restore privilege (CCE-
8789)
8.Audit: Force audit policy subcategory settings (Windows Vista
or later) to override audit policy category settings (CCE-9432)
9. Devices: Prevent users from installing printer drivers (CCE-9026)
10.Devices: Restrict CD-ROM access to locally logged-on user
only" (CCE-9304)
11.Devices: Restrict floppy access to locally logged-on user
only (CCE-9440)Domain member: Digitally encrypt or sign secure channel data
Security Guide wasproduced through acollaborative effort withDISA, NSA, and NIST,reflecting theconsensusrecommended settingsfrom DISA, NSA, andNIST. The Windows XPFDCC is based on USAir Force customizationof the SpecializedSecurity-LimitedFunctionality (SSLF)recommendations inNIST SP 800-68 andDoD customization ofthe recommendationsin Microsoft's SecurityGuide for InternetExplorer 7.0. Click herefor details.
What is the SecurityBenchmark Score? The Belarc Advisor hasaudited the security ofyour computer using abenchmark appropriateto your operatingsystem. The result is anumber between zeroand ten that gives ameasure of thevulnerability of yoursystem to potentialthreats. The higher thenumber the lessvulnerable your system.
How can you reduceyour securityvulnerability? Thelocal group policy editor(accessed by runningthe gpedit.msccommand) can be usedto configure securitysettings for yourcomputer. Windowshome editions don'tinclude that editor, butmost security settingscan also be made withregistry entriesinstead. Warning:Applying these securitysettings may cause someapplications to stopworking correctly. Backup your system prior toapplying these securitytemplates or apply thetemplates on a testsystem first. For domainmember computers,the benchmarkconfigurations areavailable from thebenchmark creator'sweb site as MicrosoftGroup Policy Object filesthat can be used withActive Directory. Followthe links above to theweb site of yourBenchmark's creator.
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 3/16
12. (always) (CCE-8974)
13.Domain member: Digitally encrypt secure channel data (when
possible) (CCE-9251)
14.Domain member: Digitally sign secure channel data (when
possible) (CCE-9375)
15.Domain member: Disable machine account password
changes (CCE-9295)
16.Domain member: Maximum machine account password
age (CCE-9123)
17.Domain member: Require strong (Windows 2000 or later) session
key (CCE-9387)
18. Interactive logon: Do not display last user name (CCE-9449)
19. Interactive logon: Do not require CTRL+ALT+DEL (CCE-9317)
20.Interactive logon: Message text for users attempting to log
on (CCE-8973)
21.Interactive logon: Message title for users attempting to log
on (CCE-8740)
22.Interactive logon: Number of previous logons to cache (in case
domain controller is not available) (CCE-8487)
23.Interactive logon: Prompt user to change password before
expiration (CCE-9307)
24.Interactive logon: Require Domain Controller authentication to
unlock workstation (CCE-8818)
25. Interactive logon: Smart card removal behavior (CCE-9067)
26.Microsoft network client: Digitally sign communications
(always) (CCE-9327)
27.Microsoft network client: Digitally sign communications (if
server agrees) (CCE-9344)
28.Microsoft network client: Send unencrypted password to third-
party SMB servers (CCE-9265)
29.Microsoft network server: Amount of idle time required before
suspending session (CCE-9406)
30.Microsoft network server: Digitally sign communications
(always) (CCE-9040)
31.Microsoft network server: Digitally sign communications (if
client agrees) (CCE-8825)
32.Microsoft network server: Disconnect clients when logon hours
expire (CCE-9358)
33.Microsoft network server: SPN Target name validation (CCE-
8503)
34.Network access: Allow anonymous SID-Name translation (CCE-
9531)
35.Network access: Do not allow anonymous enumeration of SAM
accounts (CCE-9249)
36.Network access: Do not allow anonymous enumeration of SAM
accounts and shares (CCE-9156)
37.Network access: Do not allow storage of passwords and
credentials for network authentication (CCE-8654)
38.Network access: Let Everyone permissions apply to anonymous
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 4/16
users (CCE-8936)
39.Network access: Named Pipes that can be accessed
anonymously - netlogon, lsarpc, samr, browser (CCE-9218)
40. Network access: Remotely accessible registry paths (CCE-9121)
41.Network access: Remotely accessible registry paths and sub
paths (CCE-9386)
42.Network access: Restrict anonymous access to Named Pipes and
Shares (CCE-9540)
43.Network access: Shares that can be accessed
anonymously (CCE-9196)
44.Network access: Sharing and security model for local
accounts (CCE-9503)
45.Network security: Allow Local System to use computer identity
for NTLM (CCE-9096)
46.Network security: Allow LocalSystem NULL session
fallback (CCE-8804)
47.Network Security: Allow PKU2U authentication requests to this
computer to use online identities (CCE-9770)
48.Network Security: Configure encryption types allowed for
Kerberos (CCE-9532)
49.Network security: Do not store LAN Manager hash value on
next password changes (CCE-8937)
50.Network security: Force logoff when logon hours expire (CCE-
9704)
51.Network security: LAN Manager Authentication Level (CCE-
8806)
52. Network security: LDAP client signing requirements (CCE-9768)
53.Network security: Minimum session security for NTLM SSP
based (including secure RPC) clients (CCE-9534)
54.Network security: Minimum session security for NTLM SSP
based (including secure RPC) servers (CCE-9736)
55.Recovery Console: Allow Automatic Administrative
Logon (CCE-8807)
56.Recovery Console: Allow Floppy Copy and Access to All Drives
and All Folders (CCE-8945)
57.Shutdown: Allow System to be Shut Down Without Having to
Log On (CCE-9707)
58. Shutdown: Clear Virtual Memory Pagefile (CCE-9222)
59.System Cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing (CCE-9266)
60.System objects: Require case insensitivity for non-Windows
subsystems (CCE-9319)
61.System objects: Strengthen default permissions of internal
system objects (CCE-9191)
62.User Account Control: Admin Approval Mode for the Built-in
Administrator account (CCE-8811)
63.User Account Control: Allow UIAccess application to prompt
for elevation without using the secure desktop (CCE-9301)
64.User Account Control: Behavior of the elevation prompt for
administrators in Admin Approval Mode (CCE-8958)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 5/16
65.User Account Control: Behavior of the elevation prompt for
standard users (CCE-8813)
66.User Account Control: Detect application installations and
prompt for elevation (CCE-9616)
67.User Account Control: Only elevate executables that are signed
and validated (CCE-9021)
68.User Account Control: Only elevate UIAccess applications that
are installed in secure locations (CCE-9801)
69.User Account Control: Run all administrators in Admin Approval
Mode (CCE-9189)
70.User Account Control: Switch to the secure desktop when
prompting for elevation (CCE-9395)
71.User Account Control: Virtualize file and registry write failures to
per-user locations (CCE-8817)
72.MSS: (AutoAdminLogon) Enable Automatic Logon (Not
Recommended) (CCE-9342)
73.MSS: (DisableIPSourceRouting) IP source routing protection
level (protects against packet spoofing) (CCE-9496)
74.MSS: (DisableIPSourceRouting IPv6) IP source routing
protection level (protects against packet spoofing) (CCE-8655)
75.MSS: (EnableICMPRedirect) Allow ICMP redirects to override
OSPF generated routes (CCE-8513)
76.
MSS: (Hidden) Hide computer from the browse list (Not
Recommended except for highly secure environments) (CCE-
8560)
77.MSS: (KeepAliveTime)How often keep-alive packets are sent in
milliseconds (CCE-9426)
78.MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec
Filtering (recommended) (CCE-9439)
79.
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore
NetBIOS name release requests except from WINS servers (CCE-
8562)
80.
MSS: (PerformRouterDiscovery) Allow IRDP to detect and
configure DefaultGateway addresses (could lead to DoS) (CCE-
9458)
81.MSS: (SafeDllSearchMode) Enable Safe DLL search mode
(recommended) (CCE-9348)
82.MSS: (ScreenSaverGracePeriod) The time in seconds before the
screen saver grace period expires (0 recommended) (CCE-8591)
83.
MSS: (TCPMaxDataRetransmissions) How many timesunacknowledged data is retransmitted (3 recommended, 5 is
default) (CCE-9456)
84.
MSS: (TcpMaxDataRetransmissions IPv6) How many timesunacknowledged data is retransmitted (3 recommended, 5 is
default) (CCE-9487)
85.
MSS: (WarningLevel) Percentage threshold for the security
event log at which the system will generate a warning (CCE-
9501)
System Services Settings Section Score: 0.00 of 0.63
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 6/16
1. Bluetooth Support Service (CCE-10661)
2.Fax Service (CCE-10150)
3. HomeGroup Listener (CCE-10543)
4. Homegroup Provider (CCE-9910)
5. Media Center Extender (CCE-10699)
6. Parental Controls Service (CCE-10311)
Audit Policy Settings Section Score: 0.00 of 0.63
1. Application Group Management (CCE-8822)
2. Computer Account Management (CCE-9498)
3. Distribution Group Management (CCE-9644)
4. Other Account Management Events (CCE-9657)
5. Security Group Management (CCE-9692)
6. User Account Management (CCE-9542)
7. DPAPI Activity (CCE-9735)
8. Process Creation (CCE-9562)
9. Process Termination (CCE-9227)
10. RPC Events (CCE-9492)
11. Detailed Directory Service Replication (CCE-9628)
12. Directory Service Access (CCE-9765)
13. Directory Service Changes (CCE-9734)
14. Directory Service Replication (CCE-9637)
15. Account Lockout (CCE-8853)
16. IPsec Extended Mode (CCE-9661)
17. IPsec Main Mode (CCE-10939)
18. IPsec Quick Mode (CCE-9632)
19. Logoff (CCE-8856)
20. Logon (CCE-9683)
21. Other Logon/Logoff Events (CCE-9622)
22. Special Logon (CCE-9763)
23. Application Generated (CCE-9816)
24. Certification Services (CCE-9460)
25. File Share (CCE-9376)
26. File System (CCE-9217)
27. Filtering Platform Connection (CCE-9728)
28. Filtering Platform Packet Drop (CCE-9133)
29. Handle Manipulation (CCE-9789)
30. Kernel Object (CCE-9803)
31. Other Object Access Events (CCE-9455)
32. Registry (CCE-9737)
33. SAM (CCE-9856)
34. Audit Policy Change (CCE-10021)
35. Authentication Policy Change (CCE-9976)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 7/16
36. Authorization Policy Change (CCE-9633)
37. Filtering Platform Policy Change (CCE-9902)
38. MPSSVC Rule-Level Policy Change (CCE-9153)
39. Other Policy Change Events (CCE-9596)
40. Non Sensitive Privilege Use (CCE-9190)
41. Other Privilege Use Events (CCE-9988)
42. Sensitive Privilege Use (CCE-9878)
43. IPsec Driver (CCE-9925)
44. Other System Events (CCE-9586)
45. Security State Change (CCE-9850)
46. Security System Extension (CCE-9863)
47. System Integrity (CCE-9520)
Computer Configuration -Administrative Templates - NetworkConnections
Section Score: 0.00 of 0.63
1. Turn on Mapper I/O (LLTDIO) driver (CCE-9783)
2. Turn on Responder (RSPNDR) driver (CCE-10059)
3.Turn Off Microsoft Peer-to-Peer Networking Services (CCE-
10438)
4.Prohibit installation and configuration of Network Bridge on
your DNS domain network (CCE-9953)
5.Require Domain users to elevate when setting a networks
location (CCE-10359)
6. Route all traffic through the internal network (CCE-10509)
7. _6to4 State (CCE-10266)
8. ISATAP State (CCE-10130)
9. Teredo State (CCE-10011)
10. IP HTTPS (CCE-10764)
11.Configuration of Wireless Settings Using Windows Connect
Now (CCE-9879)
12.Prohibit Access of the Windows Connect Now Wizards (CCE-
10778)
13.Extend point and print connection to search Windows update
and use alternate connection if needed (CCE-10782)
Computer Configuration -Administrative Templates - SystemSettings
Section Score: 0.00 of 0.63
1. Allow remote access to the PnP interface (CCE-10769)
2.Do not send a Windows Error Report when a generic driver is
installed on a device (CCE-9901)
3.
Prevent creation of a system restore point during device activity
that would normally promp creation of a restore point. (CCE-
10553)
4. Prevent device metadata retrieval from the internet (CCE-10165)
5.Specify search order for device driver source locations (CCE-
9919)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 8/16
6. Registry Policy (CCE-9361)
7. Turn off downloading of print drivers over HTTP (CCE-9195)
8. Turn off event views (Events.asp) links (CCE-9819)
9. Turn off handwriting personalization data sharing (CCE-10645)
10. Turn off handwriting recognition error reporting (CCE-10645)
11.Turn off Internet connection wizard if URL connection is
referring to Microsoft.com (CCE-10649)
12.Turn off Internet download for Web publishing and online
ordering wizards (CCE-9674)
13. Turn off Internet file association service (CCE-10795)
14. Turn off printing over HTTP (CCE-10061)
15.Turn off registration if URL connection is referring to
Microsoft.com (CCE-10160)
16. Turn off Search Companion content file updates (CCE-10140)
17. Turn off the Order Prints picture task (CCE-9823)
18. Turn off the Publish to Web task for files and folders (CCE-9643)
19.Turn off the Windows Messenger Customer Experience
Improvement Program (CCE-9559)
20. Turn Off Windows Error Reporting (CCE-10441)
21. Always Use Classic Logon (CCE-10591)
22. Do not process the run once list (CCE-10154)
23.Require a Password when a Computer Wakes (On Battery) (CCE-
9829)
24.Require a Password when a Computer Wakes (Plugged) (CCE-
9670)
25. Offer Remote Assistance (CCE-9960)
26. Solicited Remote Assistance (CCE-9506)
27. Turn on session logging (CCE-10344)
27. Restrictions for Unauthenticated RPC clients (CCE-9396)
29. RPC Endpoint Mapper Client Authentication (CCE-10181)
Computer Configuration -Administrative Templates - System -Troubleshooting and Diagnostics
Section Score: 0.00 of 0.63
1.Microsoft support diagnostic tool: turn on msdt interactive
communication with support provider (CCE-9842)
2.
Troubleshooting: allow user to access online troubleshootingcontent on Microsoft server from the troubleshooting control
panel (CCE-10606)
3. Enable or disable perftrack (CCE-10219)
Computer Configuration -Administrative Templates - WindowsComponents
Section Score: 0.00 of 0.63
1. Confidure Windows NTP client (CCE-10500)
2. Turn off program inventory (CCE-10787)
3. Default behavior for autorun (CCE-10527)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 9/16
4. Turn off Autoplay (CCE-9528)
5. Turn off autoplay for non volume devices (CCE-10655)
6. Enumerate administrator accounts on elevation (CCE-9938)
7. Do not allow digital locker to run (CCE-10759)
8. Override the More Gadgets Lnk (CCE-9857)
9.Disable unpacking and installation of gadgets that are not
digitally signed (CCE-10811)
10. Turn Off User Installed Windows Sidebar Gidgets (CCE-10586)
11. Maximum Application Log Size (CCE-9603)
12. Maximum Security Log Size (CCE-9967)
13. Maximum Setup Log Size (CCE-10714)
14. Maximum Setup Log Size (CCE-10156)
15. Turn Off Downloading of Game Information (CCE-10828)
16. Turn off game updates (CCE-10850)
17. Prevent the computer from joining a Homegroup (CCE-10183)
18. Disable remote desktop sharing (CCE-10763)
19. Do not allow passwords to be saved (CCE-10090)
20.Allow users to connect remotely using Remote Desktop
Services (CCE-9985)
21.Always prompt client for password upon connection (CCE-
10103)
22. Set client connection encryption level (CCE-9764)
23.Set a time limit for active but idle Terminal Services
sessions (CCE-10608)
24. Set a time limit for disconnected sessions (CCE-9858)
25. Do not delete temp folders upon exit (CCE-10856)
26. Do not use temporary folders per session (CCE-9864)
27. Turn off downloading of enclosures (CCE-10730)
28. Allow indexing of encrypted files (CCE-10496)
29. Enable indexing uncached Exchange folders (CCE-9866)
30. Prevent Windows anytime upgrade from running (CCE-10137)
31. Configure Microsoft SpyNet Reporting (CCE-9868)
32. Disable Logging (CCE-10157)
33. Disable Windows Error Reporting (CCE-9914)
34. Display Error Notification (CCE-10709)
35. Do Not Send Additional Data (CCE-10824)
36. Turn off data execution prevention for explorer (CCE-9918)
37. Turn off Heap termination on corruption (CCE-9874)
38. Turn off shell protocol protected mode (CCE-10623)
39.Disable IE security prompt for Windows Installer scripts (CCE-
9875)
40. Enable user control over installs (CCE-9876)
41.Prohibit non-administrators from applying vendor signed
updates (CCE-9888)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 10/16
42. Report Logon Server Not Available During User logon (CCE-
9907)
43. Turn off the communities features (CCE-11252)
44.windows_mail_application_manual_launch_permitted_var (CCE-
10882)
45. Prevent Windows Media DRM Internet Access (CCE-9908)
46. Do Not Show First Use Dialog Boxes (CCE-10692)
47. Prevent Automatic Updates (CCE-10602)
48. Configure automatic updates (CCE-9403)
49.
Reschedule automatic updates scheduled installation (CCE-
10205)
50.No auto restart with logged on users for scheduled automatic
updates installations (CCE-9672)
51.Do not display 'Install updates and shut down option' in shut
down windows dialog box (CCE-9464)52. Games are not installed
53. Internet Information Services
54. Simple TCPIP Services
55. Telnet Client
56. Telnet Server
57. TFTP Client
58. Windows Media Center
Security Patches Section Score: 0.00 of 0.63
1. Security Patches Up-To-Date
Windows Firewall Inbound Rules Section Score: 0.00 of 0.63
1.Core Networking - Dynamic Host Configuration Protocol (DHCP-
In) (CCE-14986)
2.Core Networking - Dynamic Host Configuration Protocol
(DHCPV6-In) (CCE-14854)
Windows Firewall with AdvancedSecurity - Domain Profile
Section Score: 0.00 of 0.63
1. Log Dropped Packets (CCE-10502)
2. Logged Successful Connections (CCE-10268)
3. Name (CCE-10022)
4. Size Limit (CCE-9747)
5. Display a Notification (CCE-9774)
6. Apply Local Connection Security Rules (CCE-9329)
7. Apply Local Firewall Rules (CCE-9686)
8. Allow Unicast Response (CCE-9069)
9. Firewall state (CCE-9465)
10. Inbound Connections (CCE-9620)
11. Outbound Connections (CCE-9509)
Windows Firewall with AdvancedSecurity - Private Profile
Section Score: 0.00 of 0.63
1. Log Dropped Packets (CCE-10215)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 11/16
2. Logged Successful Connections (CCE-10611)
3. Name (CCE-10386)
4. Size Limit (CCE-10250)
5. Display a Notification (CCE-8884)
6. Apply Local Connection Security Rules (CCE-9712)
7. Apply Local Firewall Rules (CCE-9663)
8. Allow Unicast Response (CCE-9522)
9. Firewall state (CCE-9739)
10. Inbound Connections (CCE-9694)
11. Outbound Connections (CCE-8870)
Windows Firewall with AdvancedSecurity - Public Profile
Section Score: 0.00 of 0.63
1. Log Dropped Packets (CCE-9749)
2. Logged Successful Connections (CCE-9753)
3. Name (CCE-9926)
4. Size Limit (CCE-10373)
5. Display a Notification (CCE-9742)
6. Apply Local Connection Security Rules (CCE-9817)
7. Apply Local Firewall Rules (CCE-9786)
8. Allow Unicast Response (CCE-9773)
9. Firewall state (CCE-9593)
10. Inbound Connections (CCE-9007)
11. Outbound Connections (CCE-9588)
Internet Explorer 8 - Local ComputerPolicy
Section Score: 0.00 of 0.63
1. Disable Configuring History - Local Computer (CCE-10387)
2.Disable Changing Automatic Configuration Settings - Local
Computer (CCE-10638)
3.Do Not Allow Users to enable or Disable Add-Ons - Local
Computer (CCE-10235)
4.Make proxy settings per-machine (rather than per-user) - Local
Computer (CCE-9870)
5.Prevent participation in the Customer Experience Improvement
Programs - Local Computer (CCE-10522)
6.Prevent performance of First Run Customize settings - Local
Computer (CCE-10641)
7.Security Zones: Do Not Allow Users to Add/Delete Sites - Local
Computer (CCE-10394)
8.Security Zones: Do Not Allow Users to Change Policies - Local
Computer (CCE-10037)
9.Security Zones: Use Only Machine Settings - Local
Computer (CCE-10096)
10. Turn Off Crash Detection - Local Computer (CCE-10594)
11.Turn Off Managing SmartScreen Filter - Local Computer (CCE-
9973)Turn Off the Security Settings Check Feature - Local
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 12/16
12. Computer (CCE-10607)
13.Include updated Web site lists from Microsoft - Local
Computer (CCE-10603)
14.Configure Delete Browsing History on exit - Local
Computer (CCE-10590)
15.Prevent Deleting Web sites that the User has Visited - Local
Computer (CCE-10110)
16. Turn off InPrivate Browsing - Local Computer (CCE-9885)
17.Allow Active Content from CDs to Run on User Machine - Local
Computer (CCE-10293)
18.Allow Software to Run or Install Even if the Signature is Invalid -
Local Computer (CCE-10052)
19.
Allow Third-Party Browser Extensions - Local Computer (CCE-
9905)
20.Automatically Check for Internet Explorer Updates - Local
Computer (CCE-10581)
21.Check for Server Certificate Revocation - Local Computer (CCE-
10074)
22.Check for signatures on downloaded programs - Local Computer
- variable (CCE-10055)
23.Intranet Sites: Include all network paths (UNCs) - Local
Computer (CCE-9660)
24.Access Data Sources Across Domains - Internet Zone - Local
Computer (CCE-10380)
25.Allow cut, copy or paste operations from the clipboard via script
- Internet Zone - Local Computer (CCE-10002)
26.Allow drag and drop or copy and paste files - Internet Zone -
Local Computer (CCE-10033)
27.Allow Font Downloads - Internet Zone - Local Computer (CCE-
10403)
28.Allow installation of desktop items - Internet Zone - Local
Computer (CCE-9790)
29.Allow scripting of Internet Explorer web browser control -
Internet Zone - Local Computer (CCE-9779)
30.Allow script-initiated windows without size or position
constraints - Internet Zone - Local Computer (CCE-9882)
31. Allow Scriptlets - Internet Zone - Local Computer (CCE-10685)
32.Allow status bar updates via script - Internet Zone - Local
Computer (CCE-9750)
33.Automatic prompting for file downloads - Internet Zone - Local
Computer (CCE-10389)
34.Download signed ActiveX controls - Internet Zone - Local
Computer (CCE-9917)
35.Download unsigned ActiveX controls - Internet Zone - Local
Computer (CCE-10433)
36.Include local directory path when uploading files to a server -
Internet Zone - Local Computer (CCE-10646)
37.Initialize and script ActiveX controls not marked as safe -
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 13/16
Internet Zone - Local Computer (CCE-10561)
38. Java permissions - Internet Zone - Local Computer (CCE-10182)
39.Launching applications and files in an IFRAME - Internet Zone -
Local Computer (CCE-9821)
40.Launching programs and unsafe files - Internet Zone - Local
Computer (CCE-10650)
41. Logon Options - Internet Zone - Local Computer (CCE-10472)
42.Loose XAML files - Internet Zone - Local Computer (CCE-
10672)
43.Navigate windows and frames across different domains - Internet
Zone - Local Computer (CCE-9865)
44.Only allow approved domains to use ActiveX controls without
prompt - Internet Zone - Local Computer (CCE-9793)
45.Open files based on content, not file extension - Internet Zone -
Local Computer (CCE-10107)
46.Run .NET Framework-reliant components not signed with
Authenticode - Internet Zone - Local Computer (CCE-10515)
47.Run .NET Framework-reliant components signed with
Authenticode - Internet Zone - Local Computer (CCE-10625)
48.Software channel permissions - Internet Zone - Local
Computer (CCE-10425)
49.Turn Off First-Run Opt-In - Internet Zone - Local
Computer (CCE-10434)
50.Turn on Cross-Site Scripting (XSS) Filter - Internet Zone - Local
Computer (CCE-10276)
51.Turn On Protected Mode - Internet Zone - Local
Computer (CCE-10676)
52.Use Pop-up Blocker - Internet Zone - Local Computer (CCE-
10486)
53.Userdata Persistence - Internet Zone - Local Computer (CCE-
10200)
54.Web sites in less privileged Web content zones can navigate
into this zone - Internet Zone - Local Computer (CCE-10622)
55. Java permissions - Intranet Zone - Local Computer (CCE-10566)
56.Java permissions - Local Machine Zone - Local Computer (CCE-
10319)
57.Download Signed ActiveX Controls - Locked Down Internet
Zone - Local Computer (CCE-10095)
58.Java permissions - Locked Down Internet Zone - Local
Computer (CCE-10597)
59.Java permissions - Locked Down Intranet Zone - Local
Computer (CCE-10342)
60.Java permissions - Locked Down Local Machine - Local
Computer (CCE-10535)
61.Java permissions - Locked Down Restricted Sites Zone - Local
Computer (CCE-10275)
62.Java permissions - Locked Down Trusted Sites Zone - Local
Computer (CCE-10654)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 14/16
63. Access Data Sources Across Domains - Restricted Sites Zone -
Local Computer (CCE-10525)
64.Allow Active Scripting - Restricted Sites Zone - Local
Computer (CCE-10393)
65.Allow Binary and Script Behaviors - Restricted Sites Zone -
Local Computer (CCE-10547)
66.Allow cut, copy or paste operations from the clipboard via script
- Restricted SitesZone - Local Computer (CCE-10539)
67.
Allow drag and drop or copy and paste files - Restricted Sites
Zone - Local Computer (CCE-9667)
68.Allow File Downloads - Restricted Sites Zone - Local
Computer (CCE-10466)
69.Allow Font Downloads - Restricted Sites Zone - Local
Computer (CCE-9982)
70.Allow installation of desktop items - Restricted Sites Zone -
Local Computer (CCE-10475)
71.Allow scripting of Internet Explorer web browser control -
Restricted Sites Zone - Local Computer (CCE-10725)
72.Allow META REFRESH - Restricted Sites Zone - Local
Computer (CCE-10664)
73.Allow script-initiated windows without size or position
constraints - Restricted Sites Zone - Local Computer (CCE-9814)
74.Allow Scriptlets - Restricted Sites Zone - Local Computer (CCE-
10630)
75.Allow status bar updates via script - Restricted Sites Zone -
Local Computer (CCE-10431)
76.Automatic prompting for file downloads - Restricted Sites Zone -
Local Computer (CCE-9959)
77.Download signed ActiveX controls - Restricted Sites Zone -
Local Computer (CCE-10470)
78.Download unsigned ActiveX controls - Restricted Sites Zone -
Local Computer (CCE-10461)
79.Include local directory path when uploading files to a server -
Restricted Sites Zone - Local Computer (CCE-9781)
80.Initialize and script ActiveX controls not marked as safe -
Restricted Sites Zone - Local Computer (CCE-10347)
81.Java permissions - Restricted Sites Zone - Local Computer (CCE-
10620)
82.Launching applications and files in an IFRAME - Restricted Sites
Zone - Local Computer (CCE-10360)
83.Launching programs and unsafe files - Restricted Sites Zone -
Local Computer (CCE-10744)
84.Logon Options - Restricted Sites Zone - Local Computer (CCE-
10651)
85.Loose XAML files - Restricted Sites Zone - Local
Computer (CCE-10178)
86.Navigate sub-frames across different domains - Restricted Sites
Zone - Local Computer (CCE-10642)Only allow approved domains to use ActiveX controls without
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 15/16
87. prompt - Restricted Sites Zone - Local Computer (CCE-9832)
88.Open files based on content, not file extension - Restricted Sites
Zone - Local Computer (CCE-10277)
89.
Run .NET Framework-reliant components not signed with
Authenticode - Restricted Sites Zone - Local Computer (CCE-
9898)
90.
Run .NET Framework-reliant components signed with
Authenticode - Restricted Sites Zone - Local Computer (CCE-
9673)
91.Run ActiveX controls and plugins - Restricted Sites Zone - Local
Computer (CCE-9792)
92.Script ActiveX controls marked safe for scripting - Restricted
Sites Zone - Local Computer (CCE-10554)
93.Scripting of Java Applets - Restricted Sites Zone - Local
Computer (CCE-10083)
94.Software channel permissions - Restricted Sites Zone - Local
Computer (CCE-9669)
95.Turn Off First-Run Opt-In - Restricted Sites Zone - Local
Computer (CCE-10420)
96.Turn on Cross-Site Scripting (XSS) Filter - Restricted Sites Zone
- Local Computer (CCE-10105)
97.Turn On Protected Mode - Restricted Sites Zone - Local
Computer (CCE-9945)
98.Use Pop-up Blocker - Restricted Sites Zone - Local
Computer (CCE-10094)
99.Userdata Persistence - Restricted Sites Zone - Local
Computer (CCE-9760)
100.
Web sites in less privileged Web content zones can navigate
into this zone - Restricted Sites Zone - Local Computer (CCE-
10609)
101.Java permissions - Trusted Sites Zone - Local Computer (CCE-
10696)
102.
Turn Off changing the URL to be displayed for checking updates
to Internet Explorer and Internet Tools - Local Computer (CCE-
10595)
103.Turn Off Configuring the Update Check Interval (In Days) -
Local Computer (CCE-9776)
104.Internet Explorer Processes - Consistent Mime Handling - Local
Computer (CCE-10138)
105.Internet Explorer Processes - Mime Sniffing Safety Feature -
Local Computer (CCE-10635)
106.Internet Explorer Processes - MK Protocol Security Restriction -
Local Computer (CCE-10265)
107.Internet Explorer Processes - Protection From Zone Elevation -
Local Computer (CCE-10574)
108.Internet Explorer Processes - Restrict ActiveX Install - Local
Computer (CCE-10405)
109.Internet Explorer Processes - Restrict File Download - Local
Computer (CCE-10578)
7/7/2014 Belarc Advisor Security Benchmark Summary
file:///C:/Program%20Files/Belarc/BelarcAdvisor/System/tmp/BenchmarkSummary((acer-PC)).html 16/16
110. Internet Explorer Processes - Scripted Window Security
Restrictions - Local Computer (CCE-10604)
Copyright 2000-13, Belarc, Inc. All rights reserved. Legal notice. U.S. Patents 5665951, 6085229 and Patents pending.