Open kwygant opened 1 year ago
Hello @kwygant ,
Can you expand on this a bit - Please update with your proposed changes to the processed STIG. A picture of the proposed registry change would be helpful.
I have not been able to find references to this: **delvals."
Thank you,
Eric
[MS-GPREG]: New or Changed GPO List Processing | Microsoft Learnhttps://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpreg/57226664-ce00-4487-994e-a6b3820f3e49
The STIG setting is to delete all values, you can do so by adding the **delvals
From: Eric Jenkins @.> Sent: Friday, September 15, 2023 11:47 AM To: microsoft/PowerStig @.> Cc: Mention @.>; Author @.> Subject: Re: [microsoft/PowerStig] V-245539 for Chrome set to disabled (Issue #1217)
Hello @kwyganthttps://github.com/kwygant ,
Can you expand on this a bit - Please update with your proposed changes to the processed STIG.
I have not been able to find references to this: **delvals."
Thank you,
Eric
- Reply to this email directly, view it on GitHubhttps://github.com/microsoft/PowerStig/issues/1217#issuecomment-1721569665 or unsubscribehttps://github.com/notifications/unsubscribe-auth/AIGEBTNXVUD6YKSMYXN6MJTX2SA6TBFKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLLDTOVRGUZLDORPXI6LQMWWES43TOVSUG33NNVSW45FGORXXA2LDOOJIFJDUPFYGLKTSMVYG643JORXXE6NFOZQWY5LFVEYTGMRRGAYDKMRZQKSHI6LQMWSWS43TOVS2K5TBNR2WLKRRGY2TMMBXGMYTOONHORZGSZ3HMVZKMY3SMVQXIZI. You are receiving this email because you were mentioned.
Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
I would be curious to know if this would trigger a positive hit on automated scanners such as Nessus or SCAP, because the STIG says ". If this key exists and has any defined values, this is a finding". Technically the key would exist and would have a value of **delvals. I will need to do a bit more research and try to get a scan to confirm this won't trigger a new finding.
The reg key wouldn't exist, the **delvals is defined in the registry.pol which would in turn delete any reg values that exist.
Ken Wygant Sr Cloud Solution Architect - Engineering Configuration Manager Microsoft Federal Office: (320) 434-6041 Mobile: (952) 463-6280 @.**@.> @.***
Recommended for Endpoint Configuration Manager Environments: Microsoft Endpoint Manager : Update Compliance Dashboardhttps://techcommunity.microsoft.com/t5/core-infrastructure-and-security/customer-offerings-microsoft-endpoint-manager-update-compliance/ba-p/2113768 @.**@*.**@*.**@.
From: Eric Jenkins @.> Sent: Monday, September 18, 2023 8:19 AM To: microsoft/PowerStig @.> Cc: Author @.>; Comment @.> Subject: Re: [microsoft/PowerStig] V-245539 for Chrome set to disabled (Issue #1217)
I would be curious to know if this would trigger a positive hit on automated scanners such as Nessus or SCAP, because the STIG says ". If this key exists and has any defined values, this is a finding". Technically the key would exist and would have a value of **delvals. I will need to do a bit more research and try to get a scan to confirm this won't trigger a new finding.
- Reply to this email directly, view it on GitHubhttps://github.com/microsoft/PowerStig/issues/1217#issuecomment-1723394809 or unsubscribehttps://github.com/notifications/unsubscribe-auth/AIGEBTKGHGMMTIZ6XZLBNYDX3BC5RBFKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLLDTOVRGUZLDORPXI6LQMWWES43TOVSUG33NNVSW45FGORXXA2LDOOJIFJDUPFYGLKTSMVYG643JORXXE6NFOZQWY5LFVEYTGMRRGAYDKMRZQKSHI6LQMWSWS43TOVS2K5TBNR2WLKRRGY2TMMBXGMYTOONHORZGSZ3HMVZKMY3SMVQXIZI. You are receiving this email because you authored the thread.
Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
The current check for v-245539 deletes and registry values in the key at the time the check is run, but does not protect against someone entering a url in the registry or change an existing policy if one exists to enable.
If the value was set to "**delvals." it would set the policy to disabled and delete any values in the reg key.
Group Title: SRG-APP-000080
Rule Title: Session only based cookies must be disabled.
Discussion: Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits.
For URLs not covered by the patterns specified here, or for all URLs if this policy is not set, the global default value will be used either from the 'DefaultCookiesSetting' policy, if it is set, or the user's personal configuration otherwise.
Check Text: Universal method:
Windows method:
Fix Text: Windows group policy: