SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.

An XCCDF Rule

Description

<VulnDiscussion>Malicious code protection software must be protected to prevent a non-privileged user or malicious piece of software from disabling the protection mechanism. A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it. Malicious code includes viruses, worms, Trojan horses, and Spyware. Examples include the capability for non-administrative users to turn off or otherwise disable anti-virus.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223263r612235_rule
Severity: High
References: CCI-002235
Updated: about 1 year ago

Configure the SharePoint server to prevent non-privileged users from circumventing malicious code protection capabilities.

Navigate to Central Administration.

Click "Manage web applications".
Select the web application by clicking its name.

Select "Blocked File Types" from the ribbon.

Add file types that are defined in the SSP but not in the list of blocked file types.

Click "Ok".

Repeat for each web application that has findings.

SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.

Description

Remediation - Manual Procedure