Belarc Advisor
The license associated with the Belarc Advisor product allows for free personal use only. Use on computers in a corporate, educational, military or government installation is prohibited. See the license agreement for details. The information on this page was created locally on your computer by the Belarc Advisor. Your computer profile was not sent to a web server. Click here for more info.
About Belarc Commercial and Government Products

Back to Profile Summary
Click any benchmark setting at right for documentation.

Why are security benchmarks important for IT security?  Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems.  Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks.  The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats ("Security Benchmarks: A Gold Standard." IA Newsletter, vol. 5 no. 3 Click here to view) To request a copy of our white paper, "Securing the Enterprise", click here.

What is the USGCB Benchmark?  The United States Government Configuration Baseline (USGCB) is a US Government OMB-mandated security configuration for Windows 7 and Internet Explorer 8.  Developed by DoD, with NIST assistance, the benchmark is the product of DoD consensus.  Click here for details.

What are FDCC Benchmarks?  The Federal Desktop Core Configuration (FDCC) is a US Government OMB-mandated security configuration for Windows Vista and XP.  The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0.  Microsoft's Vista Security Guide was produced through a collaborative effort with DISA, NSA, and NIST, reflecting the consensus recommended settings from DISA, NSA, and NIST.  The Windows XP FDCC is based on US Air Force customization of the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD customization of the recommendations in Microsoft's Security Guide for Internet Explorer 7.0.  Click here for details.

What is the Security Benchmark Score?  The Belarc Advisor has audited the security of your computer using a benchmark appropriate to your operating system.  The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats.  The higher the number the less vulnerable your system.

How can you reduce your security vulnerability?  The local group policy editor (accessed by running the gpedit.msc command) can be used to configure security settings for your computer.  Windows home editions don't include that editor, but most security settings can also be made with registry entries instead.  Warning: Applying these security settings may cause some applications to stop working correctly.  Back up your system prior to applying these security templates or apply the templates on a test system first. For domain member computers, the benchmark configurations are available from the benchmark creator's web site as Microsoft Group Policy Object files that can be used with Active Directory.  Follow the links above to the web site of your Benchmark's creator. 

Security Benchmark Score Details

Computer Name:win7_xen2_Vir (in MYGROUP)
Profile Date:Tuesday, December 13, 2016 8:31:34 PM
Advisor Version:8.5c
Windows Logon:watson
Try BelManage, the Enterprise version of the Belarc Advisor
Score: 0.63 of 10   (what's this?) Pass = Pass
Fail = Fail
Benchmark: USGCB - Windows 7, Version 1.0.1.0
+ Expand all sections
pass + Account Lockout Policy Settings Section Score: 0.63 of 0.63
pass 1. Account Lockout Duration (CCE-9308)
pass 2. Account Lockout Threshold (CCE-9136)
pass 3. Reset Account Lockout Counter After (CCE-9400)
fail + Password Policy Settings Section Score: 0.00 of 0.63
fail 1. Enforce Password History (CCE-8912)
pass 2. Maximum Password Age (CCE-9193)
fail 3. Minimum Password Age (CCE-9330)
fail 4. Minimum Password Length (CCE-9357)
fail 5. Password Complexity (CCE-9370)
pass 6. Reversible Password Encryption (CCE-9260)
fail + User Rights Assignments Section Score: 0.00 of 0.63
fail 1. Access This Computer From The Network (CCE-9253)
pass 2. Act As Part Of The Operating System (CCE-9407)
pass 3. Adjust Memory Quotas For A Process (CCE-9068)
fail 4. Log On Locally (CCE-9345)
pass 5. Log On Through Terminal Services (CCE-9107)
fail 6. Back Up Files and Directories (CCE-9389)
fail 7. Bypass Traverse Checking (CCE-8414)
pass 8. Change the System Time (CCE-8612)
pass 9. Change the time zone (CCE-8423)
pass 10. Create A Pagefile (CCE-9185)
pass 11. Create A Token Object (CCE-9215)
pass 12. Create Global Objects (CCE-8431)
pass 13. Create Permanent Shared Objects (CCE-9254)
pass 14. Create symbolic links (CCE-8460)
pass 15. Debug Programs (CCE-8583)
fail 16. Deny Access To This Computer From The Network (CCE-9244)
fail 17. Deny Logon As A Batch Job (CCE-9212)
pass 18. Deny Logon As A Service (CCE-9098)
fail 19. Deny Logon Locally (CCE-9239)
fail 20. Deny Logon Through Remote Desktop Services (CCE-9274)
pass 21. Force Shutdown From A Remote System (CCE-9336)
pass 22. Generate Security Audits (CCE-9226)
pass 23. Impersonate a Client After Authentication (CCE-8467)
fail 24. Increase a Process Working Set (CCE-9048)
pass 25. Increase Scheduling Priority (CCE-8999)
pass 26. Load And Unload Device Drivers (CCE-9135)
pass 27. Lock Pages In Memory (CCE-9289)
fail 28. Log On As A Batch Job (CCE-9320)
fail 29. Log On As A Service (CCE-9461)
pass 30. Manage Auditing And Security Log (CCE-9223)
pass 31. Modify an object label (CCE-9149)
pass 32. Modify Firmware Environment Values (CCE-9417)
pass 33. Perform Volume Maintenance Tasks (CCE-8475)
pass 34. Profile Single Process (CCE-9388)
pass 35. Profile System Performance (CCE-9419)
pass 36. Remove Computer From Docking Station (CCE-9326)
pass 37. Replace A Process Level Token (CCE-8732)
fail 38. Restore Files And Directories (CCE-9124)
fail 39. Shut Down The System (CCE-9014)
pass 40. Take Ownership Of Files Or Other Objects" (CCE-9309)
fail + Security Options Settings Section Score: 0.00 of 0.63
pass 1. Accounts: Administrator account status (CCE-9199)
pass 2. Accounts: Guest account status (CCE-8714)
pass 3. Accounts: Limit local account use to blank passwords to console logon only (CCE-9418)
fail 4. Accounts: Rename administrator account (CCE-8484)
fail 5. Accounts: Rename guest account (CCE-9229)
pass 6. Audit: Audit the access of global system objects (CCE-9150)
pass 7. Audit: Audit the use of Backup and Restore privilege (CCE-8789)
fail 8. Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (CCE-9432)
pass 9. Devices: Prevent users from installing printer drivers (CCE-9026)
fail 10. Devices: Restrict CD-ROM access to locally logged-on user only" (CCE-9304)
fail 11. Devices: Restrict floppy access to locally logged-on user only (CCE-9440)
pass 12. Domain member: Digitally encrypt or sign secure channel data (always) (CCE-8974)
pass 13. Domain member: Digitally encrypt secure channel data (when possible) (CCE-9251)
pass 14. Domain member: Digitally sign secure channel data (when possible) (CCE-9375)
pass 15. Domain member: Disable machine account password changes (CCE-9295)
pass 16. Domain member: Maximum machine account password age (CCE-9123)
pass 17. Domain member: Require strong (Windows 2000 or later) session key (CCE-9387)
fail 18. Interactive logon: Do not display last user name (CCE-9449)
fail 19. Interactive logon: Do not require CTRL+ALT+DEL (CCE-9317)
fail 20. Interactive logon: Message text for users attempting to log on (CCE-8973)
fail 21. Interactive logon: Message title for users attempting to log on (CCE-8740)
fail 22. Interactive logon: Number of previous logons to cache (in case domain controller is not available) (CCE-8487)
fail 23. Interactive logon: Prompt user to change password before expiration (CCE-9307)
pass 24. Interactive logon: Require Domain Controller authentication to unlock workstation (CCE-8818)
fail 25. Interactive logon: Smart card removal behavior (CCE-9067)
fail 26. Microsoft network client: Digitally sign communications (always) (CCE-9327)
pass 27. Microsoft network client: Digitally sign communications (if server agrees) (CCE-9344)
pass 28. Microsoft network client: Send unencrypted password to third-party SMB servers (CCE-9265)
pass 29. Microsoft network server: Amount of idle time required before suspending session (CCE-9406)
fail 30. Microsoft network server: Digitally sign communications (always) (CCE-9040)
fail 31. Microsoft network server: Digitally sign communications (if client agrees) (CCE-8825)
pass 32. Microsoft network server: Disconnect clients when logon hours expire (CCE-9358)
fail 33. Microsoft network server: SPN Target name validation (CCE-8503)
pass 34. Network access: Allow anonymous SID-Name translation (CCE-9531)
pass 35. Network access: Do not allow anonymous enumeration of SAM accounts (CCE-9249)
fail 36. Network access: Do not allow anonymous enumeration of SAM accounts and shares (CCE-9156)
fail 37. Network access: Do not allow storage of passwords and credentials for network authentication (CCE-8654)
pass 38. Network access: Let Everyone permissions apply to anonymous users (CCE-8936)
pass 39. Network access: Named Pipes that can be accessed anonymously - netlogon, lsarpc, samr, browser (CCE-9218)
pass 40. Network access: Remotely accessible registry paths (CCE-9121)
pass 41. Network access: Remotely accessible registry paths and sub paths (CCE-9386)
pass 42. Network access: Restrict anonymous access to Named Pipes and Shares (CCE-9540)
fail 43. Network access: Shares that can be accessed anonymously (CCE-9196)
pass 44. Network access: Sharing and security model for local accounts (CCE-9503)
fail 45. Network security: Allow Local System to use computer identity for NTLM (CCE-9096)
fail 46. Network security: Allow LocalSystem NULL session fallback (CCE-8804)
fail 47. Network Security: Allow PKU2U authentication requests to this computer to use online identities (CCE-9770)
fail 48. Network Security: Configure encryption types allowed for Kerberos (CCE-9532)
pass 49. Network security: Do not store LAN Manager hash value on next password changes (CCE-8937)
fail 50. Network security: Force logoff when logon hours expire (CCE-9704)
fail 51. Network security: LAN Manager Authentication Level (CCE-8806)
pass 52. Network security: LDAP client signing requirements (CCE-9768)
fail 53. Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (CCE-9534)
fail 54. Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (CCE-9736)
pass 55. Recovery Console: Allow Automatic Administrative Logon (CCE-8807)
pass 56. Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders (CCE-8945)
pass 57. Shutdown: Allow System to be Shut Down Without Having to Log On (CCE-9707)
pass 58. Shutdown: Clear Virtual Memory Pagefile (CCE-9222)
fail 59. System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (CCE-9266)
pass 60. System objects: Require case insensitivity for non-Windows subsystems (CCE-9319)
pass 61. System objects: Strengthen default permissions of internal system objects (CCE-9191)
pass 62. User Account Control: Admin Approval Mode for the Built-in Administrator account (CCE-8811)
pass 63. User Account Control: Allow UIAccess application to prompt for elevation without using the secure desktop (CCE-9301)
fail 64. User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (CCE-8958)
fail 65. User Account Control: Behavior of the elevation prompt for standard users (CCE-8813)
pass 66. User Account Control: Detect application installations and prompt for elevation (CCE-9616)
pass 67. User Account Control: Only elevate executables that are signed and validated (CCE-9021)
pass 68. User Account Control: Only elevate UIAccess applications that are installed in secure locations (CCE-9801)
pass 69. User Account Control: Run all administrators in Admin Approval Mode (CCE-9189)
pass 70. User Account Control: Switch to the secure desktop when prompting for elevation (CCE-9395)
pass 71. User Account Control: Virtualize file and registry write failures to per-user locations (CCE-8817)
pass 72. MSS: (AutoAdminLogon) Enable Automatic Logon (Not Recommended) (CCE-9342)
fail 73. MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (CCE-9496)
fail 74. MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (CCE-8655)
fail 75. MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (CCE-8513)
fail 76. MSS: (Hidden) Hide computer from the browse list (Not Recommended except for highly secure environments) (CCE-8560)
fail 77. MSS: (KeepAliveTime)How often keep-alive packets are sent in milliseconds (CCE-9426)
fail 78. MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended) (CCE-9439)
fail 79. MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (CCE-8562)
fail 80. MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS) (CCE-9458)
fail 81. MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (CCE-9348)
fail 82. MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (CCE-8591)
fail 83. MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9456)
fail 84. MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9487)
fail 85. MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (CCE-9501)
fail + System Services Settings Section Score: 0.00 of 0.63
fail 1. Bluetooth Support Service (CCE-10661)
fail 2. Fax Service (CCE-10150)
fail 3. HomeGroup Listener (CCE-10543)
fail 4. Homegroup Provider (CCE-9910)
pass 5. Media Center Extender (CCE-10699)
fail 6. Parental Controls Service (CCE-10311)
fail + Audit Policy Settings Section Score: 0.00 of 0.63
pass 1. Application Group Management (CCE-8822)
fail 2. Computer Account Management (CCE-9498)
pass 3. Distribution Group Management (CCE-9644)
fail 4. Other Account Management Events (CCE-9657)
fail 5. Security Group Management (CCE-9692)
fail 6. User Account Management (CCE-9542)
pass 7. DPAPI Activity (CCE-9735)
fail 8. Process Creation (CCE-9562)
pass 9. Process Termination (CCE-9227)
pass 10. RPC Events (CCE-9492)
pass 11. Detailed Directory Service Replication (CCE-9628)
pass 12. Directory Service Access (CCE-9765)
pass 13. Directory Service Changes (CCE-9734)
pass 14. Directory Service Replication (CCE-9637)
fail 15. Account Lockout (CCE-8853)
pass 16. IPsec Extended Mode (CCE-9661)
pass 17. IPsec Main Mode (CCE-10939)
pass 18. IPsec Quick Mode (CCE-9632)
pass 19. Logoff (CCE-8856)
fail 20. Logon (CCE-9683)
pass 21. Other Logon/Logoff Events (CCE-9622)
pass 22. Special Logon (CCE-9763)
pass 23. Application Generated (CCE-9816)
pass 24. Certification Services (CCE-9460)
pass 25. File Share (CCE-9376)
fail 26. File System (CCE-9217)
pass 27. Filtering Platform Connection (CCE-9728)
pass 28. Filtering Platform Packet Drop (CCE-9133)
pass 29. Handle Manipulation (CCE-9789)
pass 30. Kernel Object (CCE-9803)
pass 31. Other Object Access Events (CCE-9455)
fail 32. Registry (CCE-9737)
pass 33. SAM (CCE-9856)
fail 34. Audit Policy Change (CCE-10021)
pass 35. Authentication Policy Change (CCE-9976)
pass 36. Authorization Policy Change (CCE-9633)
pass 37. Filtering Platform Policy Change (CCE-9902)
pass 38. MPSSVC Rule-Level Policy Change (CCE-9153)
pass 39. Other Policy Change Events (CCE-9596)
pass 40. Non Sensitive Privilege Use (CCE-9190)
pass 41. Other Privilege Use Events (CCE-9988)
fail 42. Sensitive Privilege Use (CCE-9878)
fail 43. IPsec Driver (CCE-9925)
fail 44. Other System Events (CCE-9586)
fail 45. Security State Change (CCE-9850)
fail 46. Security System Extension (CCE-9863)
pass 47. System Integrity (CCE-9520)
fail + Computer Configuration - Administrative Templates - Network Connections Section Score: 0.00 of 0.63
fail 1. Turn on Mapper I/O (LLTDIO) driver (CCE-9783)
fail 2. Turn on Responder (RSPNDR) driver (CCE-10059)
fail 3. Turn Off Microsoft Peer-to-Peer Networking Services (CCE-10438)
fail 4. Prohibit installation and configuration of Network Bridge on your DNS domain network (CCE-9953)
fail 5. Require Domain users to elevate when setting a networks location (CCE-10359)
fail 6. Route all traffic through the internal network (CCE-10509)
fail 7. _6to4 State (CCE-10266)
fail 8. ISATAP State (CCE-10130)
fail 9. Teredo State (CCE-10011)
fail 10. IP HTTPS (CCE-10764)
fail 11. Configuration of Wireless Settings Using Windows Connect Now (CCE-9879)
fail 12. Prohibit Access of the Windows Connect Now Wizards (CCE-10778)
fail 13. Extend point and print connection to search Windows update and use alternate connection if needed (CCE-10782)
fail + Computer Configuration - Administrative Templates - System Settings Section Score: 0.00 of 0.63
fail 1. Allow remote access to the PnP interface (CCE-10769)
fail 2. Do not send a Windows Error Report when a generic driver is installed on a device (CCE-9901)
fail 3. Prevent creation of a system restore point during device activity that would normally promp creation of a restore point. (CCE-10553)
fail 4. Prevent device metadata retrieval from the internet (CCE-10165)
fail 5. Specify search order for device driver source locations (CCE-9919)
fail 6. Registry Policy (CCE-9361)
fail 7. Turn off downloading of print drivers over HTTP (CCE-9195)
fail 8. Turn off event views (Events.asp) links (CCE-9819)
fail 9. Turn off handwriting personalization data sharing (CCE-10645)
fail 10. Turn off handwriting recognition error reporting (CCE-10645)
fail 11. Turn off Internet connection wizard if URL connection is referring to Microsoft.com (CCE-10649)
fail 12. Turn off Internet download for Web publishing and online ordering wizards (CCE-9674)
fail 13. Turn off Internet file association service (CCE-10795)
fail 14. Turn off printing over HTTP (CCE-10061)
fail 15. Turn off registration if URL connection is referring to Microsoft.com (CCE-10160)
fail 16. Turn off Search Companion content file updates (CCE-10140)
fail 17. Turn off the Order Prints picture task (CCE-9823)
fail 18. Turn off the Publish to Web task for files and folders (CCE-9643)
fail 19. Turn off the Windows Messenger Customer Experience Improvement Program (CCE-9559)
fail 20. Turn Off Windows Error Reporting (CCE-10441)
fail 21. Always Use Classic Logon (CCE-10591)
fail 22. Do not process the run once list (CCE-10154)
fail 23. Require a Password when a Computer Wakes (On Battery) (CCE-9829)
fail 24. Require a Password when a Computer Wakes (Plugged) (CCE-9670)
fail 25. Offer Remote Assistance (CCE-9960)
fail 26. Solicited Remote Assistance (CCE-9506)
fail 27. Turn on session logging (CCE-10344)
fail 27. Restrictions for Unauthenticated RPC clients (CCE-9396)
fail 29. RPC Endpoint Mapper Client Authentication (CCE-10181)
fail + Computer Configuration - Administrative Templates - System - Troubleshooting and Diagnostics Section Score: 0.00 of 0.63
fail 1. Microsoft support diagnostic tool: turn on msdt interactive communication with support provider (CCE-9842)
fail 2. Troubleshooting: allow user to access online troubleshooting content on Microsoft server from the troubleshooting control panel (CCE-10606)
fail 3. Enable or disable perftrack (CCE-10219)
fail + Computer Configuration - Administrative Templates - Windows Components Section Score: 0.00 of 0.63
fail 1. Confidure Windows NTP client (CCE-10500)
fail 2. Turn off program inventory (CCE-10787)
fail 3. Default behavior for autorun (CCE-10527)
fail 4. Turn off Autoplay (CCE-9528)
fail 5. Turn off autoplay for non volume devices (CCE-10655)
fail 6. Enumerate administrator accounts on elevation (CCE-9938)
fail 7. Do not allow digital locker to run (CCE-10759)
fail 8. Override the More Gadgets Lnk (CCE-9857)
fail 9. Disable unpacking and installation of gadgets that are not digitally signed (CCE-10811)
fail 10. Turn Off User Installed Windows Sidebar Gidgets (CCE-10586)
fail 11. Maximum Application Log Size (CCE-9603)
fail 12. Maximum Security Log Size (CCE-9967)
fail 13. Maximum Setup Log Size (CCE-10714)
fail 14. Maximum Setup Log Size (CCE-10156)
fail 15. Turn Off Downloading of Game Information (CCE-10828)
fail 16. Turn off game updates (CCE-10850)
fail 17. Prevent the computer from joining a Homegroup (CCE-10183)
fail 18. Disable remote desktop sharing (CCE-10763)
fail 19. Do not allow passwords to be saved (CCE-10090)
fail 20. Allow users to connect remotely using Remote Desktop Services (CCE-9985)
fail 21. Always prompt client for password upon connection (CCE-10103)
fail 22. Set client connection encryption level (CCE-9764)
pass 23. Set a time limit for active but idle Terminal Services sessions (CCE-10608)
pass 24. Set a time limit for disconnected sessions (CCE-9858)
fail 25. Do not delete temp folders upon exit (CCE-10856)
fail 26. Do not use temporary folders per session (CCE-9864)
fail 27. Turn off downloading of enclosures (CCE-10730)
fail 28. Allow indexing of encrypted files (CCE-10496)
fail 29. Enable indexing uncached Exchange folders (CCE-9866)
fail 30. Prevent Windows anytime upgrade from running (CCE-10137)
pass 31. Configure Microsoft SpyNet Reporting (CCE-9868)
fail 32. Disable Logging (CCE-10157)
fail 33. Disable Windows Error Reporting (CCE-9914)
fail 34. Display Error Notification (CCE-10709)
fail 35. Do Not Send Additional Data (CCE-10824)
fail 36. Turn off data execution prevention for explorer (CCE-9918)
fail 37. Turn off Heap termination on corruption (CCE-9874)
fail 38. Turn off shell protocol protected mode (CCE-10623)
fail 39. Disable IE security prompt for Windows Installer scripts (CCE-9875)
fail 40. Enable user control over installs (CCE-9876)
fail 41. Prohibit non-administrators from applying vendor signed updates (CCE-9888)
fail 42. Report Logon Server Not Available During User logon (CCE-9907)
fail 43. Turn off the communities features (CCE-11252)
fail 44. windows_mail_application_manual_launch_permitted_var (CCE-10882)
fail 45. Prevent Windows Media DRM Internet Access (CCE-9908)
fail 46. Do Not Show First Use Dialog Boxes (CCE-10692)
fail 47. Prevent Automatic Updates (CCE-10602)
fail 48. Configure automatic updates (CCE-9403)
fail 49. Reschedule automatic updates scheduled installation (CCE-10205)
fail 50. No auto restart with logged on users for scheduled automatic updates installations (CCE-9672)
fail 51. Do not display 'Install updates and shut down option' in shut down windows dialog box (CCE-9464)
pass 52. Games are not installed
pass 53. Internet Information Services
pass 54. Simple TCPIP Services
pass 55. Telnet Client
pass 56. Telnet Server
pass 57. TFTP Client
fail 58. Windows Media Center
fail + Security Patches Section Score: 0.00 of 0.63
fail 1. Security Patches Up-To-Date
fail + Windows Firewall Inbound Rules Section Score: 0.00 of 0.63
fail 1. Core Networking - Dynamic Host Configuration Protocol (DHCP-In) (CCE-14986)
fail 2. Core Networking - Dynamic Host Configuration Protocol (DHCPV6-In) (CCE-14854)
fail + Windows Firewall with Advanced Security - Domain Profile Section Score: 0.00 of 0.63
fail 1. Log Dropped Packets (CCE-10502)
fail 2. Logged Successful Connections (CCE-10268)
fail 3. Name (CCE-10022)
fail 4. Size Limit (CCE-9747)
fail 5. Display a Notification (CCE-9774)
fail 6. Apply Local Connection Security Rules (CCE-9329)
fail 7. Apply Local Firewall Rules (CCE-9686)
fail 8. Allow Unicast Response (CCE-9069)
fail 9. Firewall state (CCE-9465)
fail 10. Inbound Connections (CCE-9620)
fail 11. Outbound Connections (CCE-9509)
fail + Windows Firewall with Advanced Security - Private Profile Section Score: 0.00 of 0.63
fail 1. Log Dropped Packets (CCE-10215)
fail 2. Logged Successful Connections (CCE-10611)
fail 3. Name (CCE-10386)
fail 4. Size Limit (CCE-10250)
fail 5. Display a Notification (CCE-8884)
fail 6. Apply Local Connection Security Rules (CCE-9712)
fail 7. Apply Local Firewall Rules (CCE-9663)
fail 8. Allow Unicast Response (CCE-9522)
fail 9. Firewall state (CCE-9739)
fail 10. Inbound Connections (CCE-9694)
fail 11. Outbound Connections (CCE-8870)
fail + Windows Firewall with Advanced Security - Public Profile Section Score: 0.00 of 0.63
fail 1. Log Dropped Packets (CCE-9749)
fail 2. Logged Successful Connections (CCE-9753)
fail 3. Name (CCE-9926)
fail 4. Size Limit (CCE-10373)
fail 5. Display a Notification (CCE-9742)
fail 6. Apply Local Connection Security Rules (CCE-9817)
fail 7. Apply Local Firewall Rules (CCE-9786)
fail 8. Allow Unicast Response (CCE-9773)
fail 9. Firewall state (CCE-9593)
fail 10. Inbound Connections (CCE-9007)
fail 11. Outbound Connections (CCE-9588)
fail + Internet Explorer 8 - Local Computer Policy Section Score: 0.00 of 0.63
fail 1. Disable Configuring History - Local Computer (CCE-10387)
fail 2. Disable Changing Automatic Configuration Settings - Local Computer (CCE-10638)
pass 3. Do Not Allow Users to enable or Disable Add-Ons - Local Computer (CCE-10235)
fail 4. Make proxy settings per-machine (rather than per-user) - Local Computer (CCE-9870)
fail 5. Prevent participation in the Customer Experience Improvement Programs - Local Computer (CCE-10522)
fail 6. Prevent performance of First Run Customize settings - Local Computer (CCE-10641)
fail 7. Security Zones: Do Not Allow Users to Add/Delete Sites - Local Computer (CCE-10394)
fail 8. Security Zones: Do Not Allow Users to Change Policies - Local Computer (CCE-10037)
fail 9. Security Zones: Use Only Machine Settings - Local Computer (CCE-10096)
fail 10. Turn Off Crash Detection - Local Computer (CCE-10594)
fail 11. Turn Off Managing SmartScreen Filter - Local Computer (CCE-9973)
fail 12. Turn Off the Security Settings Check Feature - Local Computer (CCE-10607)
fail 13. Include updated Web site lists from Microsoft - Local Computer (CCE-10603)
fail 14. Configure Delete Browsing History on exit - Local Computer (CCE-10590)
fail 15. Prevent Deleting Web sites that the User has Visited - Local Computer (CCE-10110)
fail 16. Turn off InPrivate Browsing - Local Computer (CCE-9885)
fail 17. Allow Active Content from CDs to Run on User Machine - Local Computer (CCE-10293)
fail 18. Allow Software to Run or Install Even if the Signature is Invalid - Local Computer (CCE-10052)
fail 19. Allow Third-Party Browser Extensions - Local Computer (CCE-9905)
fail 20. Automatically Check for Internet Explorer Updates - Local Computer (CCE-10581)
fail 21. Check for Server Certificate Revocation - Local Computer (CCE-10074)
fail 22. Check for signatures on downloaded programs - Local Computer - variable (CCE-10055)
fail 23. Intranet Sites: Include all network paths (UNCs) - Local Computer (CCE-9660)
fail 24. Access Data Sources Across Domains - Internet Zone - Local Computer (CCE-10380)
fail 25. Allow cut, copy or paste operations from the clipboard via script - Internet Zone - Local Computer (CCE-10002)
fail 26. Allow drag and drop or copy and paste files - Internet Zone - Local Computer (CCE-10033)
fail 27. Allow Font Downloads - Internet Zone - Local Computer (CCE-10403)
fail 28. Allow installation of desktop items - Internet Zone - Local Computer (CCE-9790)
fail 29. Allow scripting of Internet Explorer web browser control - Internet Zone - Local Computer (CCE-9779)
fail 30. Allow script-initiated windows without size or position constraints - Internet Zone - Local Computer (CCE-9882)
fail 31. Allow Scriptlets - Internet Zone - Local Computer (CCE-10685)
pass 32. Allow status bar updates via script - Internet Zone - Local Computer (CCE-9750)
fail 33. Automatic prompting for file downloads - Internet Zone - Local Computer (CCE-10389)
fail 34. Download signed ActiveX controls - Internet Zone - Local Computer (CCE-9917)
fail 35. Download unsigned ActiveX controls - Internet Zone - Local Computer (CCE-10433)
fail 36. Include local directory path when uploading files to a server - Internet Zone - Local Computer (CCE-10646)
fail 37. Initialize and script ActiveX controls not marked as safe - Internet Zone - Local Computer (CCE-10561)
fail 38. Java permissions - Internet Zone - Local Computer (CCE-10182)
fail 39. Launching applications and files in an IFRAME - Internet Zone - Local Computer (CCE-9821)
fail 40. Launching programs and unsafe files - Internet Zone - Local Computer (CCE-10650)
fail 41. Logon Options - Internet Zone - Local Computer (CCE-10472)
fail 42. Loose XAML files - Internet Zone - Local Computer (CCE-10672)
pass 43. Navigate windows and frames across different domains - Internet Zone - Local Computer (CCE-9865)
fail 44. Only allow approved domains to use ActiveX controls without prompt - Internet Zone - Local Computer (CCE-9793)
fail 45. Open files based on content, not file extension - Internet Zone - Local Computer (CCE-10107)
fail 46. Run .NET Framework-reliant components not signed with Authenticode - Internet Zone - Local Computer (CCE-10515)
fail 47. Run .NET Framework-reliant components signed with Authenticode - Internet Zone - Local Computer (CCE-10625)
fail 48. Software channel permissions - Internet Zone - Local Computer (CCE-10425)
fail 49. Turn Off First-Run Opt-In - Internet Zone - Local Computer (CCE-10434)
fail 50. Turn on Cross-Site Scripting (XSS) Filter - Internet Zone - Local Computer (CCE-10276)
fail 51. Turn On Protected Mode - Internet Zone - Local Computer (CCE-10676)
fail 52. Use Pop-up Blocker - Internet Zone - Local Computer (CCE-10486)
fail 53. Userdata Persistence - Internet Zone - Local Computer (CCE-10200)
fail 54. Web sites in less privileged Web content zones can navigate into this zone - Internet Zone - Local Computer (CCE-10622)
fail 55. Java permissions - Intranet Zone - Local Computer (CCE-10566)
fail 56. Java permissions - Local Machine Zone - Local Computer (CCE-10319)
fail 57. Download Signed ActiveX Controls - Locked Down Internet Zone - Local Computer (CCE-10095)
fail 58. Java permissions - Locked Down Internet Zone - Local Computer (CCE-10597)
fail 59. Java permissions - Locked Down Intranet Zone - Local Computer (CCE-10342)
fail 60. Java permissions - Locked Down Local Machine - Local Computer (CCE-10535)
fail 61. Java permissions - Locked Down Restricted Sites Zone - Local Computer (CCE-10275)
fail 62. Java permissions - Locked Down Trusted Sites Zone - Local Computer (CCE-10654)
fail 63. Access Data Sources Across Domains - Restricted Sites Zone - Local Computer (CCE-10525)
fail 64. Allow Active Scripting - Restricted Sites Zone - Local Computer (CCE-10393)
fail 65. Allow Binary and Script Behaviors - Restricted Sites Zone - Local Computer (CCE-10547)
fail 66. Allow cut, copy or paste operations from the clipboard via script - Restricted SitesZone - Local Computer (CCE-10539)
fail 67. Allow drag and drop or copy and paste files - Restricted Sites Zone - Local Computer (CCE-9667)
fail 68. Allow File Downloads - Restricted Sites Zone - Local Computer (CCE-10466)
fail 69. Allow Font Downloads - Restricted Sites Zone - Local Computer (CCE-9982)
fail 70. Allow installation of desktop items - Restricted Sites Zone - Local Computer (CCE-10475)
fail 71. Allow scripting of Internet Explorer web browser control - Restricted Sites Zone - Local Computer (CCE-10725)
fail 72. Allow META REFRESH - Restricted Sites Zone - Local Computer (CCE-10664)
fail 73. Allow script-initiated windows without size or position constraints - Restricted Sites Zone - Local Computer (CCE-9814)
fail 74. Allow Scriptlets - Restricted Sites Zone - Local Computer (CCE-10630)
fail 75. Allow status bar updates via script - Restricted Sites Zone - Local Computer (CCE-10431)
fail 76. Automatic prompting for file downloads - Restricted Sites Zone - Local Computer (CCE-9959)
fail 77. Download signed ActiveX controls - Restricted Sites Zone - Local Computer (CCE-10470)
fail 78. Download unsigned ActiveX controls - Restricted Sites Zone - Local Computer (CCE-10461)
fail 79. Include local directory path when uploading files to a server - Restricted Sites Zone - Local Computer (CCE-9781)
fail 80. Initialize and script ActiveX controls not marked as safe - Restricted Sites Zone - Local Computer (CCE-10347)
fail 81. Java permissions - Restricted Sites Zone - Local Computer (CCE-10620)
fail 82. Launching applications and files in an IFRAME - Restricted Sites Zone - Local Computer (CCE-10360)
fail 83. Launching programs and unsafe files - Restricted Sites Zone - Local Computer (CCE-10744)
fail 84. Logon Options - Restricted Sites Zone - Local Computer (CCE-10651)
fail 85. Loose XAML files - Restricted Sites Zone - Local Computer (CCE-10178)
fail 86. Navigate sub-frames across different domains - Restricted Sites Zone - Local Computer (CCE-10642)
fail 87. Only allow approved domains to use ActiveX controls without prompt - Restricted Sites Zone - Local Computer (CCE-9832)
fail 88. Open files based on content, not file extension - Restricted Sites Zone - Local Computer (CCE-10277)
fail 89. Run .NET Framework-reliant components not signed with Authenticode - Restricted Sites Zone - Local Computer (CCE-9898)
fail 90. Run .NET Framework-reliant components signed with Authenticode - Restricted Sites Zone - Local Computer (CCE-9673)
fail 91. Run ActiveX controls and plugins - Restricted Sites Zone - Local Computer (CCE-9792)
fail 92. Script ActiveX controls marked safe for scripting - Restricted Sites Zone - Local Computer (CCE-10554)
fail 93. Scripting of Java Applets - Restricted Sites Zone - Local Computer (CCE-10083)
fail 94. Software channel permissions - Restricted Sites Zone - Local Computer (CCE-9669)
fail 95. Turn Off First-Run Opt-In - Restricted Sites Zone - Local Computer (CCE-10420)
fail 96. Turn on Cross-Site Scripting (XSS) Filter - Restricted Sites Zone - Local Computer (CCE-10105)
fail 97. Turn On Protected Mode - Restricted Sites Zone - Local Computer (CCE-9945)
fail 98. Use Pop-up Blocker - Restricted Sites Zone - Local Computer (CCE-10094)
fail 99. Userdata Persistence - Restricted Sites Zone - Local Computer (CCE-9760)
fail 100. Web sites in less privileged Web content zones can navigate into this zone - Restricted Sites Zone - Local Computer (CCE-10609)
fail 101. Java permissions - Trusted Sites Zone - Local Computer (CCE-10696)
fail 102. Turn Off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools - Local Computer (CCE-10595)
fail 103. Turn Off Configuring the Update Check Interval (In Days) - Local Computer (CCE-9776)
fail 104. Internet Explorer Processes - Consistent Mime Handling - Local Computer (CCE-10138)
fail 105. Internet Explorer Processes - Mime Sniffing Safety Feature - Local Computer (CCE-10635)
fail 106. Internet Explorer Processes - MK Protocol Security Restriction - Local Computer (CCE-10265)
fail 107. Internet Explorer Processes - Protection From Zone Elevation - Local Computer (CCE-10574)
fail 108. Internet Explorer Processes - Restrict ActiveX Install - Local Computer (CCE-10405)
fail 109. Internet Explorer Processes - Restrict File Download - Local Computer (CCE-10578)
fail 110. Internet Explorer Processes - Scripted Window Security Restrictions - Local Computer (CCE-10604)
Copyright 2000-2016, Belarc, Inc. All rights reserved.
Legal notice. U.S. Patents 8473607, 6085229, 5665951 and Patents pending.