SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.

From MS SharePoint 2013 Security Technical Implementation Guide

Part of SRG-APP-000273

Associated with: CCI-002235

SV-74417r1_rule SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.

Vulnerability discussion

Malicious code protection software must be protected to prevent a non-privileged user or a malicious piece of software from disabling the protection mechanism. A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it. Malicious code includes viruses, worms, Trojan horses, and spyware. Examples include the capability for non-administrative users to turn off or otherwise disable anti-virus.

Check content

Review the SharePoint server configuration to ensure non-privileged users are prevented from circumventing malicious code protection capabilities. Confirm that the list of blocked file types configured in Central Administration matches the "blacklist" document in the application's SSP. See TechNet for the default file types that are blocked: http://technet.microsoft.com/en-us/library/cc262496.aspx

1. Navigate to Central Administration.
2. Click "Manage web applications".
3. Select the web application by clicking its name.
4. Select "Blocked File Types" from the ribbon.
5. Compare the list of blocked file types to those listed in the SSP.

If the SSP has file types that are not in the blocked file types list, this is a finding. Repeat the check for each web application.

Fix text

Configure the SharePoint server to prevent non-privileged users from circumventing malicious code protection capabilities.

1. Navigate to Central Administration.
2. Click "Manage web applications".
3. Select the web application by clicking its name.
4. Select "Blocked File Types" from the ribbon.
5. Add the file types that are defined in the SSP but not in the list of blocked file types.
6. Click "Ok".

Repeat for each web application that has findings.
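The check and fix above are a per-web-application comparison of the configured blocked file types against the SSP blacklist, which is tedious to do by hand across a farm. The script below is an added example, not part of the STIG or of Microsoft's SharePoint documentation. It assumes the SharePoint Management Shell (the Microsoft.SharePoint.PowerShell snap-in) is available on a farm server, that the script runs as a farm administrator, and that the SSP blacklist has been transcribed into a plain-text file with one extension per line (the path is a placeholder). Without -Fix it only reports, and exits non-zero when any web application is missing an SSP-listed type (the finding condition); with -Fix it adds the missing types, which is the action the fix text describes.

```powershell
# Added example: compare every web application's blocked file types against the
# SSP blacklist and optionally add what is missing. Requires the SharePoint
# Management Shell; run as a farm administrator.
param(
    [string]$SspListPath = 'C:\STIG\ssp-blocked-extensions.txt',  # placeholder path, one extension per line
    [switch]$Fix                                                   # apply the fix text instead of only reporting
)

if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Normalize the transcribed SSP list: trim whitespace, drop blank and '#' comment
# lines, strip a leading dot, lower-case, de-duplicate.
$sspExtensions = Get-Content -Path $SspListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    ForEach-Object { $_.TrimStart('.').ToLowerInvariant() } |
    Sort-Object -Unique

$findings = @()
foreach ($webApp in Get-SPWebApplication) {
    # BlockedFileExtensions holds extensions without the leading dot; compare case-insensitively.
    $configured = @($webApp.BlockedFileExtensions | ForEach-Object { $_.ToLowerInvariant() })
    $missing    = @($sspExtensions | Where-Object { $configured -notcontains $_ })

    if ($missing.Count -eq 0) {
        Write-Output ("{0}: compliant ({1} blocked file types)" -f $webApp.DisplayName, $configured.Count)
        continue
    }

    # Any SSP extension absent from the blocked list is a finding for this web application.
    $findings += [pscustomobject]@{
        WebApplication = $webApp.DisplayName
        MissingTypes   = ($missing -join ', ')
    }

    if ($Fix) {
        foreach ($ext in $missing) { $webApp.BlockedFileExtensions.Add($ext) }
        $webApp.Update()   # persist the change to the configuration database
        Write-Output ("{0}: added {1}" -f $webApp.DisplayName, ($missing -join ', '))
    }
}

if ($findings.Count -gt 0) {
    Write-Output 'FINDING: SSP-listed file types missing from the blocked file types list'
    $findings | Format-Table -AutoSize
    if (-not $Fix) { exit 1 }
} else {
    Write-Output 'No findings: every web application blocks all SSP-listed file types.'
}
```

Run it first without -Fix and keep the output as the check evidence; re-run with -Fix only after confirming the transcribed SSP list is accurate, since every extension in that file is added verbatim to each web application that lacks it. Get-SPWebApplication without arguments returns the content web applications and not Central Administration, which matches the scope of the manual steps.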
