4.4 KiB
4.4 KiB
| 1 | Security Recommendations Export | 02 Aug 2024 13:00 PM +00:00 | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2 | Security recommendation | Weaknesses | Related component | Has Exploit | Has Known Threats | Has Associated Alerts | Exposed Machines | Total Machines | Status | Type | Exposure Score impact | Configuration Score impact | EOS software state | EOS software from | Has EOS Versions | Has Upcoming EOS Versions | Tags |
| 3 | Disable the built-in Administrator account | 1 | Accounts | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 4 | Enable Local Admin password management | 1 | Accounts | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | HumanOperatedRansomware | ||
| 5 | Disable the local storage of passwords and credentials | 1 | Accounts | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | HumanOperatedRansomware | ||
| 6 | Set User Account Control (UAC) to automatically deny elevation requests | 1 | OS | FALSE | FALSE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 7 | Set 'Interactive logon: Machine inactivity limit' to '1-900 seconds' | 1 | OS | FALSE | FALSE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | covid19 | ||
| 8 | Set 'Minimum PIN length for startup' to '6 or more characters' | 1 | OS | FALSE | FALSE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 9 | Turn on Microsoft Defender Application Guard managed mode | 1 | Security controls (Application Guard) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 10 | Block executable content from email client and webmail | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 11 | Block all Office applications from creating child processes | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment, HumanOperatedRansomware | ||
| 12 | Block Office applications from creating executable content | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment | ||
| 13 | Block Office applications from injecting code into other processes | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 14 | Block JavaScript or VBScript from launching downloaded executable content | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment | ||
| 15 | Block execution of potentially obfuscated scripts | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 16 | Block Win32 API calls from Office macros | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 17 | Block executable files from running unless they meet a prevalence, age, or trusted list criterion | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment | ||
| 18 | Use advanced protection against ransomware | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | |||
| 19 | Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment, HumanOperatedRansomware | ||
| 20 | Block process creations originating from PSExec and WMI commands | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment, HumanOperatedRansomware | ||
| 21 | Block untrusted and unsigned processes that run from USB | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment | ||
| 22 | Block Office communication application from creating child processes | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment | ||
| 23 | Block Adobe Reader from creating child processes | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment | ||
| 24 | Block persistence through WMI event subscription | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE | UserImpactAssessment | ||
| 25 | Block abuse of exploited vulnerable signed drivers | 1 | Security controls (Attack Surface Reduction) | FALSE | TRUE | FALSE | 1 | 0 | Active | Configuration change | 0 | 0 | FALSE | FALSE |