Dated: 15-11-2024

Ch03. case Study Security Hardening - Windows 8 Workstation

• CIS Benchmarks case study (Windows 8.1)

• 18.9.70.3 Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' (Scored)

• Profile applicability:
  • Level 1
  • Level 1 + BitLocker
• Description: This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.
  • The recommended state for this setting is: Disabled.
• Rationale: Memory dumps may contain sensitive information and should not be automatically sent to anyone.
• Audit: Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting:AutoApproveOSDumps

• Remediation: To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Error Reporting\Automatically send memory dumps for OS-generated error reports

• Impact: All memory dumps are uploaded according to the default consent and notification settings
• Default Value: Enabled. (Any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.)
• References:
  • CCE-33927-5
  • Critical Controls:
    • 13 Data Protection