HardeningKitty Audit Report

ID | Category | Name | Severity | Result | Recommended | TestResult | SeverityFinding
1000FeaturesSMBv1 SupportPassedDisabledDisabledPassedHigh
1103Account PoliciesStore passwords using reversible encryptionPassed00PassedHigh
1101Account PoliciesAccount lockout durationPassed3015PassedLow
1100Account PoliciesAccount lockout thresholdLowNever10FailedLow
1104Account PoliciesAllow Administrator account lockoutMedium1FailedMedium
1102Account PoliciesReset account lockout counterPassed3015PassedLow
1200User Rights AssignmentAccess this computer from the networkMediumEveryone;BUILTIN\Administrators;BUILTIN\Users;BUILTIN\Backup OperatorsBUILTIN\AdministratorsFailedMedium
1201User Rights AssignmentAllow log on locallyMediumGuest;BUILTIN\Administrators;BUILTIN\Users;BUILTIN\Backup OperatorsBUILTIN\Users;BUILTIN\AdministratorsFailedMedium
1202User Rights AssignmentDebug programsMediumBUILTIN\AdministratorsFailedMedium
1203User Rights AssignmentDeny access to this computer from the networkMediumGuestBUILTIN\Guests;NT AUTHORITY\Local accountFailedMedium
1204User Rights AssignmentDeny log on as a batch jobMediumBUILTIN\GuestsFailedMedium
1205User Rights AssignmentDeny log on as a serviceMediumBUILTIN\GuestsFailedMedium
1206User Rights AssignmentDeny log on through Remote Desktop ServicesMediumBUILTIN\Guests;NT AUTHORITY\Local accountFailedMedium
1300Security OptionsAccounts: Block Microsoft accountsLow03FailedLow
1301Security OptionsAudit: Force audit policy subcategory settings to override audit policy category settingsPassed11PassedLow
1302Security OptionsInteractive logon: Do not require CTRL+ALT+DELLow10FailedLow
1303Security OptionsInteractive logon: Don't display last signed-inLow01FailedLow
1304Security OptionsInteractive logon: Don't display username at sign-inLow01FailedLow
1305Security OptionsMicrosoft network client: Digitally sign communications (always)Medium01FailedMedium
1306Security OptionsMicrosoft network client: Digitally sign communications (if server agrees)Passed11PassedMedium
1307Security OptionsMicrosoft network server: Digitally sign communications (always)Medium01FailedMedium
1308Security OptionsMicrosoft network server: Digitally sign communications (if client agrees)Medium01FailedMedium
1309Security OptionsNetwork access: Do not allow anonymous enumeration of SAM accountsPassed11PassedMedium
1310Security OptionsNetwork access: Do not allow anonymous enumeration of SAM accounts and sharesMedium01FailedMedium
1311Security OptionsNetwork access: Do not allow storage of passwords and credentials for network authenticationMedium01FailedMedium
1324Security OptionsNetwork access: Restrict anonymous access to Named Pipes and SharesPassed11PassedMedium
1325Security OptionsNetwork access: Restrict clients allowed to make remote calls to SAMMediumO:BAG:BAD:(A;;RC;;;BA)FailedMedium
1312Security OptionsNetwork security: Allow LocalSystem NULL session fallbackPassed00PassedMedium
1326Security OptionsNetwork security: Do not store LAN Manager hash value on next password changePassed11PassedHigh
1313Security OptionsNetwork security: LAN Manager authentication levelMedium35FailedMedium
1314Security OptionsNetwork security: LDAP client signing requirementsPassed11PassedMedium
1315Security OptionsNetwork security: Minimum session security for NTLM SSP based (including secure RPC) clientsMedium536870912537395200FailedMedium
1316Security OptionsNetwork security: Minimum session security for NTLM SSP based (including secure RPC) serversMedium536870912537395200FailedMedium
1317Security OptionsNetwork security: Restrict NTLM: Audit Incoming NTLM TrafficMedium02FailedMedium
1318Security OptionsNetwork security: Restrict NTLM: Audit NTLM authentication in this domainMedium07FailedMedium
1319Security OptionsNetwork security: Restrict NTLM: Outgoing NTLM traffic to remote serversMedium01FailedMedium
1320Security OptionsShutdown: Allow system to be shut down without having to log onMedium10FailedMedium
1321Security OptionsUser Account Control: Admin Approval Mode for the Built-in Administrator accountMedium01FailedMedium
1322Security OptionsUser Account Control: Behavior of the elevation prompt for administrators in Admin Approval ModeMedium02FailedMedium
1323Security OptionsUser Account Control: Behavior of the elevation prompt for standard usersMedium31FailedMedium
1400Windows FirewallEnableFirewall (Domain Profile, Policy)Medium01FailedMedium
1418Windows FirewallEnableFirewall (Domain Profile)Passed11PassedMedium
1401Windows FirewallInbound Connections (Domain Profile, Policy)Passed11PassedMedium
1419Windows FirewallInbound Connections (Domain Profile)Passed11PassedMedium
1402Windows FirewallOutbound Connections (Domain Profile, Policy)Passed00PassedMedium
1420Windows FirewallOutbound Connections (Domain Profile)Passed00PassedMedium
1403Windows FirewallLog size limit (Domain Profile, Policy)Medium409616384FailedMedium
1421Windows FirewallLog size limit (Domain Profile)Medium409616384FailedMedium
1404Windows FirewallLog dropped packets (Domain Profile, Policy)Medium01FailedMedium
1422Windows FirewallLog dropped packets (Domain Profile)Medium01FailedMedium
1405Windows FirewallLog successful connections (Domain Profile, Policy)Low01FailedLow
1423Windows FirewallLog successful connections (Domain Profile)Low01FailedLow
1406Windows FirewallEnableFirewall (Private Profile, Policy)Medium01FailedMedium
1424Windows FirewallEnableFirewall (Private Profile)Passed11PassedMedium
1407Windows FirewallInbound Connections (Private Profile, Policy)Passed11PassedMedium
1425Windows FirewallInbound Connections (Private Profile)Passed11PassedMedium
1408Windows FirewallOutbound Connections (Private Profile, Policy)Passed00PassedMedium
1426Windows FirewallOutbound Connections (Private Profile)Passed00PassedMedium
1409Windows FirewallLog size limit (Private Profile, Policy)Medium409616384FailedMedium
1427Windows FirewallLog size limit (Private Profile)Medium409616384FailedMedium
1410Windows FirewallLog dropped packets (Private Profile, Policy)Medium01FailedMedium
1428Windows FirewallLog dropped packets (Private Profile)Medium01FailedMedium
1411Windows FirewallLog successful connections (Private Profile, Policy)Low01FailedLow
1429Windows FirewallLog successful connections (Private Profile)Low01FailedLow
1412Windows FirewallEnableFirewall (Public Profile, Policy)Medium01FailedMedium
1430Windows FirewallEnableFirewall (Public Profile)Passed11PassedMedium
1413Windows FirewallInbound Connections (Public Profile, Policy)Passed11PassedMedium
1431Windows FirewallInbound Connections (Public Profile)Passed11PassedMedium
1414Windows FirewallOutbound Connections (Public Profile, Policy)Passed00PassedMedium
1432Windows FirewallOutbound Connections (Public Profile)Passed00PassedMedium
1415Windows FirewallLog size limit (Public Profile, Policy)Medium409616384FailedMedium
1433Windows FirewallLog size limit (Public Profile)Medium409616384FailedMedium
1416Windows FirewallLog dropped packets (Public Profile, Policy)Medium01FailedMedium
1434Windows FirewallLog dropped packets (Public Profile)Medium01FailedMedium
1417Windows FirewallLog successful connections (Public Profile, Policy)Low01FailedLow
1435Windows FirewallLog successful connections (Public Profile)Low01FailedLow
1500Advanced Audit Policy ConfigurationCredential ValidationLowNo AuditingSuccess and FailureFailedLow
1501Advanced Audit Policy ConfigurationSecurity Group ManagementPassedSuccessSuccessPassedLow
1502Advanced Audit Policy ConfigurationUser Account ManagementLowSuccessSuccess and FailureFailedLow
1503Advanced Audit Policy ConfigurationDPAPI ActivityLowNo AuditingSuccess and FailureFailedLow
1504Advanced Audit Policy ConfigurationPlug and Play EventsLowNo AuditingSuccessFailedLow
1505Advanced Audit Policy ConfigurationProcess CreationLowNo AuditingSuccessFailedLow
1506Advanced Audit Policy ConfigurationAccount LockoutLowSuccessFailureFailedLow
1507Advanced Audit Policy ConfigurationGroup MembershipLowNo AuditingSuccessFailedLow
1508Advanced Audit Policy ConfigurationLogonPassedSuccess and FailureSuccess and FailurePassedLow
1509Advanced Audit Policy ConfigurationOther Logon/Logoff EventsLowNo AuditingSuccess and FailureFailedLow
1510Advanced Audit Policy ConfigurationSpecial LogonPassedSuccessSuccessPassedLow
1511Advanced Audit Policy ConfigurationDetailed File ShareLowNo AuditingFailureFailedLow
1512Advanced Audit Policy ConfigurationFile ShareLowNo AuditingSuccess and FailureFailedLow
1513Advanced Audit Policy ConfigurationKernel ObjectLowNo AuditingSuccess and FailureFailedLow
1514Advanced Audit Policy ConfigurationOther Object Access EventsLowNo AuditingSuccess and FailureFailedLow
1515Advanced Audit Policy ConfigurationRemovable StorageLowNo AuditingSuccess and FailureFailedLow
1516Advanced Audit Policy ConfigurationSAMLowNo AuditingSuccess and FailureFailedLow
1517Advanced Audit Policy ConfigurationAudit Policy ChangePassedSuccessSuccessPassedLow
1518Advanced Audit Policy ConfigurationAuthentication Policy ChangePassedSuccessSuccessPassedLow
1519Advanced Audit Policy ConfigurationMPSSVC Rule-Level Policy ChangeLowNo AuditingSuccess and FailureFailedLow
1520Advanced Audit Policy ConfigurationOther Policy Change EventsLowNo AuditingFailureFailedLow
1521Advanced Audit Policy ConfigurationSensitive Privilege UseLowNo AuditingSuccess and FailureFailedLow
1522Advanced Audit Policy ConfigurationOther System EventsPassedSuccess and FailureSuccess and FailurePassedLow
1523Advanced Audit Policy ConfigurationSecurity State ChangePassedSuccessSuccessPassedLow
1524Advanced Audit Policy ConfigurationSecurity System ExtensionLowNo AuditingSuccessFailedLow
1525Advanced Audit Policy ConfigurationSystem IntegrityPassedSuccess and FailureSuccess and FailurePassedLow
1600Administrative Templates: Control PanelPersonalization: Prevent enabling lock screen cameraLow01FailedLow
1601Administrative Templates: NetworkDNS Client: Turn off multicast name resolution (LLMNR)Medium10FailedMedium
1602Administrative Templates: NetworkLanman Workstation: Enable insecure guest logonsMedium10FailedMedium
1603Administrative Templates: NetworkTurn off Microsoft Peer-to-Peer Networking ServicesMedium01FailedMedium
1604Administrative Templates: NetworkWLAN Settings: Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid servicesMedium10FailedMedium
2108Administrative Templates: PowerShellCoreTurn on PowerShell Module LoggingLow01FailedLow
2109Administrative Templates: PowerShellCoreTurn on PowerShell Module Logging (PowerShell Policy)Low01FailedLow
2110Administrative Templates: PowerShellCoreTurn on PowerShell Module Logging - Module NamesLow*FailedLow
2111Administrative Templates: PowerShellCoreTurn on PowerShell Script Block LoggingMedium01FailedMedium
2112Administrative Templates: PowerShellCoreTurn on PowerShell Script Block Logging (Invocation)Low01FailedLow
2113Administrative Templates: PowerShellCoreTurn on PowerShell Script Block Logging (PowerShell Policy)Low01FailedLow
2116Administrative Templates: PowerShellCoreTurn on PowerShell TranscriptionLow01FailedLow
2114Administrative Templates: PowerShellCoreTurn on PowerShell Transcription (Invocation)Low01FailedLow
2115Administrative Templates: PowerShellCoreTurn on PowerShell Transcription (PowerShell Policy)Medium01FailedMedium
1772Administrative Templates: PrintersConfigure Redirection GuardMedium1FailedMedium
1768Administrative Templates: PrintersOnly use Package Point and Print (CVE-2021-36958)Medium1FailedMedium
1769Administrative Templates: PrintersPackage Point and Print - Approved servers (CVE-2021-36958)Medium1FailedMedium
1764Administrative Templates: PrintersPoint and Print Restrictions: When installing drivers for a new connection (CVE-2021-34527)Passed00PassedHigh
1765Administrative Templates: PrintersPoint and Print Restrictions: When updating drivers for an existing connection (CVE-2021-34527)Passed00PassedHigh
1771Administrative Templates: Start Menu and TaskbarNotifications: Turn off notifications network usageMedium01FailedMedium
1605Administrative Templates: SystemCredentials Delegation: Allow delegation default credentialsMedium10FailedMedium
1606Administrative Templates: SystemCredentials Delegation: Encryption Oracle RemediationPassed00PassedMedium
1699Administrative Templates: SystemCredentials Delegation: Remote host allows delegation of non-exportable credentialsMedium01FailedMedium
1607Administrative Templates: SystemDevice Installation: Device Installation Restrictions: Prevent installation of devices that match an IDMedium01FailedMedium
1608Administrative Templates: SystemDevice Installation: Device Installation Restrictions: Prevent installation of devices that match an ID (Retroactive)Medium01FailedMedium
1609Administrative Templates: SystemDevice Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0010 (Firewire)Medium0PCI\CC_0C0010FailedMedium
1610Administrative Templates: SystemDevice Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0A (Thunderbolt)Medium0PCI\CC_0C0AFailedMedium
1611Administrative Templates: SystemDevice Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup classMedium01FailedMedium
1612Administrative Templates: SystemDevice Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class (Retroactive)Medium01FailedMedium
1613Administrative Templates: SystemDevice Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive)Medium0d48179be-ec20-11d1-b6b8-00c04fa372a7FailedMedium
1614Administrative Templates: SystemDevice Guard: Virtualization Based Security StatusMediumNot available2FailedMedium
1615Administrative Templates: SystemDevice Guard: Available Security Properties: Secure BootMediumNot available2FailedMedium
1616Administrative Templates: SystemDevice Guard: Available Security Properties: DMA protectionMediumNot available3FailedMedium
1617Administrative Templates: SystemDevice Guard: Security Services Configured: Credential GuardMediumNot available1FailedMedium
1619Administrative Templates: SystemDevice Guard: Security Services Running: Credential GuardMediumNot available1FailedMedium
1618Administrative Templates: SystemDevice Guard: Security Services Configured: HVCIMediumNot available2FailedMedium
1620Administrative Templates: SystemDevice Guard: Security Services Running: HVCIMediumNot available2FailedMedium
1623Administrative Templates: SystemDevice Guard: Require UEFI Memory Attributes Table (Policy)Medium1FailedMedium
1621Administrative Templates: SystemDevice Guard: Secure Launch Configuration (Policy)Medium01FailedMedium
1622Administrative Templates: SystemDevice Guard: Windows Defender Application Control deployed (Policy)Medium01FailedMedium
1630Administrative Templates: SystemEarly Launch Antimalware: Boot-Start Driver Initialization PolicyMedium03FailedMedium
1631Administrative Templates: SystemGroup Policy: Process even if the Group Policy objects have not changedLow10FailedLow
1632Administrative Templates: SystemGroup Policy: Do not apply during periodic background processingPassed00PassedLow
1640Administrative Templates: SystemInternet Communication Management: Internet Communication settings: Turn off the Windows Messenger Customer Experience Improvement ProgramMedium02FailedMedium
1641Administrative Templates: SystemInternet Communication Management: Internet Communication settings: Turn off downloading of print drivers over HTTPMedium01FailedMedium
1642Administrative Templates: SystemInternet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 1Medium10FailedMedium
1643Administrative Templates: SystemInternet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 2Passed11PassedMedium
1644Administrative Templates: SystemInternet Communication Management: Internet Communication settings: Turn off Internet download for Web publishing and online ordering wizardsMedium01FailedMedium
1645Administrative Templates: SystemInternet Communication Management: Internet Communication settings: Turn off Windows Customer Experience Improvement ProgramPassed00PassedMedium
1650Administrative Templates: SystemKernel DMA Protection: Enumeration policy for external devices incompatible with Kernel DMA ProtectionMedium20FailedMedium
1660Administrative Templates: SystemLogon: Turn on convenience PIN sign-inMedium10FailedMedium
1661Administrative Templates: SystemLogon: Turn off app notifications on the lock screenMedium01FailedMedium
1662Administrative Templates: SystemLogon: Do not display network selection UIMedium01FailedMedium
1670Administrative Templates: SystemMitigation Options: Untrusted Font BlockingMedium01000000000000FailedMedium
1680Administrative Templates: SystemOS Policies: Allow Clipboard synchronization across devicesMedium10FailedMedium
1685Administrative Templates: SystemSleep Settings: Require a password when a computer wakes (plugged in)Medium01FailedMedium
1686Administrative Templates: SystemSleep Settings: Require a password when a computer wakes (on battery)Medium01FailedMedium
1687Administrative Templates: SystemSleep Settings: Allow standby states (S1-S3) when sleeping (plugged in)Medium10FailedMedium
1688Administrative Templates: SystemSleep Settings: Allow standby states (S1-S3) when sleeping (on battery)Medium10FailedMedium
1690Administrative Templates: SystemRemote Assistance: Configure Offer Remote AssistanceMedium10FailedMedium
1691Administrative Templates: SystemRemote Assistance: Configure Solicited Remote AssistanceMedium10FailedMedium
1692Administrative Templates: SystemRemote Procedure Call: Enable RPC Endpoint Mapper Client AuthenticationMedium01FailedMedium
1693Administrative Templates: SystemRemote Procedure Call: Restrict Unauthenticated RPC clientsMedium02FailedMedium
1694Administrative Templates: SystemSecurity Settings: Enable svchost.exe mitigation optionsMedium01FailedMedium
1695Administrative Templates: SystemWindows Performance PerfTrack: Enable/Disable PerfTrackMedium10FailedMedium
1696Administrative Templates: SystemUser Profiles: Turn off the advertising IDMedium01FailedMedium
1697Administrative Templates: SystemTime Providers: Enable Windows NTP ClientMedium01FailedMedium
1698Administrative Templates: SystemTime Providers: Enable Windows NTP ServerPassed00PassedMedium
1700Administrative Templates: Windows ComponentsApp Package Deployment: Allow a Windows app to share application data between usersMedium10FailedMedium
1701Administrative Templates: Windows ComponentsApp Privacy: Let Windows apps activate with voice while the system is lockedMedium02FailedMedium
1702Administrative Templates: Windows ComponentsApp runtime: Block launching Universal Windows apps with Windows Runtime API access from hosted contentMedium01FailedMedium
1703Administrative Templates: Windows ComponentsApplication Compatibility: Turn off Application TelemetryMedium10FailedMedium
1704Administrative Templates: Windows ComponentsAutoPlay Policies: Turn off AutoplayMedium0255FailedMedium
1705Administrative Templates: Windows ComponentsAutoPlay Policies: Disallow Autoplay for non-volume devicesMedium01FailedMedium
1706Administrative Templates: Windows ComponentsAutoPlay Policies: Set the default behavior for AutoRunMedium01FailedMedium
1707Administrative Templates: Windows ComponentsBiometrics: Allow the use of biometricsMedium10FailedMedium
1773Administrative Templates: Windows ComponentsBiometrics: Facial Features: Configure enhanced anti-spoofingMedium1FailedMedium
1708Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Volume statusHighFullyDecryptedFullyEncryptedFailedHigh
1761Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Choose drive encryption method and cipher strength (for operating system drives)Passed66PassedMedium
1762Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Drive encryption method (for operating system drives)MediumNoneXtsAes128FailedMedium
1709Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Disable new DMA devices when this computer is lockedMedium01FailedMedium
1710Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Allow Secure Boot for integrity validationMedium01FailedMedium
1711Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Require additional authentication at startupMedium01FailedMedium
1715Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Allow BitLocker without a compatible TPMMedium10FailedMedium
1716Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startupPassed00PassedMedium
1717Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup PINMedium01FailedMedium
1718Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup keyPassed00PassedMedium
1719Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup key and PINPassed00PassedMedium
1712Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Allow enhanced PINs for startupMedium01FailedMedium
1713Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Configure use of hardware-based encryption for operating system drivesPassed00PassedMedium
1763Administrative Templates: Windows ComponentsBitLocker Drive Encryption: Operating System Drives: Configure minimum PIN length for startupMedium8FailedMedium
1720Administrative Templates: Windows ComponentsCloud Content: Do not show Windows tipsMedium01FailedMedium
1721Administrative Templates: Windows ComponentsCloud Content: Turn off Microsoft consumer experiencesPassed11PassedMedium
1722Administrative Templates: Windows ComponentsCredential User Interface: Do not display the password reveal buttonMedium01FailedMedium
1724Administrative Templates: Windows ComponentsCredential User Interface: Enumerate administrator accounts on elevationMedium10FailedMedium
1725Administrative Templates: Windows ComponentsData Collection and Preview Builds: Allow Diagnostic DataPassed01PassedMedium
1726Administrative Templates: Windows ComponentsData Collection and Preview Builds: Allow device name to be sent in Windows diagnostic dataMedium10FailedMedium
1727Administrative Templates: Windows ComponentsDelivery Optimization: Download ModeMedium199FailedMedium
1728Administrative Templates: Windows ComponentsEvent Log Service: Application: Specify the maximum log file size (KB)Medium409632768FailedMedium
1729Administrative Templates: Windows ComponentsEvent Log Service: Security: Specify the maximum log file size (KB)Medium4096196608FailedMedium
1730Administrative Templates: Windows ComponentsEvent Log Service: System: Specify the maximum log file size (KB)Medium409632768FailedMedium
1774Administrative Templates: Windows ComponentsEvent Log Service: Microsoft-Windows-PowerShell/Operational: Specify the maximum log file size (KB)Medium15728640268435456FailedMedium
1775Administrative Templates: Windows ComponentsEvent Log Service: PowerShellCore/Operational: Specify the maximum log file size (KB)Medium15728640268435456FailedMedium
1731Administrative Templates: Windows ComponentsFile Explorer: Allow the use of remote paths in file shortcut iconsPassed00PassedMedium
1732Administrative Templates: Windows ComponentsHomeGroup: Prevent the computer from joining a homegroupMedium01FailedMedium
1800Microsoft Defender AntivirusTurn off Microsoft Defender AntivirusPassed00PassedMedium
1826Microsoft Defender AntivirusEnable Tamper Protection (Status)MediumTrueFailedMedium
1801Microsoft Defender AntivirusConfigure detection for potentially unwanted applicationsMedium01FailedMedium
1806Microsoft Defender AntivirusExclusions: Extension Exclusions (Policy)PassedPassedMedium
1813Microsoft Defender AntivirusExclusions: Extension Exclusions (Intune)PassedPassedMedium
1807Microsoft Defender AntivirusExclusions: Extension ExclusionsPassedPassedMedium
1808Microsoft Defender AntivirusExclusions: Path Exclusions (Policy)PassedPassedMedium
1814Microsoft Defender AntivirusExclusions: Path Exclusions (Intune)PassedPassedMedium
1809Microsoft Defender AntivirusExclusions: Path ExclusionsPassedPassedMedium
1810Microsoft Defender AntivirusExclusions: Process Exclusions (Policy)PassedPassedMedium
1815Microsoft Defender AntivirusExclusions: Process Exclusions (Intune)PassedPassedMedium
1811Microsoft Defender AntivirusExclusions: Process ExclusionsPassedPassedMedium
1816Microsoft Defender AntivirusMAPS: Join Microsoft MAPSMedium02FailedMedium
1817Microsoft Defender AntivirusMAPS: Configure the 'Block at First Sight' featureMedium0FailedMedium
1818Microsoft Defender AntivirusMAPS: Send file samples when further analysis is requiredMedium0FailedMedium
1819Microsoft Defender AntivirusMpEngine: Enable file hash computation featureMedium1FailedMedium
1820Microsoft Defender AntivirusMpEngine: Select cloud protection levelMedium02FailedMedium
1821Microsoft Defender AntivirusReal-time Protection: Scan all downloaded files and attachmentsPassed00PassedMedium
1822Microsoft Defender AntivirusReal-time Protection: Turn off real-time protectionPassed00PassedMedium
1823Microsoft Defender AntivirusReal-time Protection: Turn on behavior monitoring (Policy)Passed00PassedMedium
1824Microsoft Defender AntivirusReal-time Protection: Turn on script scanningPassed00PassedMedium
1825Microsoft Defender AntivirusScan: Scan removable drivesMedium10FailedMedium
1812Microsoft Defender AntivirusEnable sandboxing for Microsoft Defender AntivirusMedium01FailedMedium
1900Microsoft Defender Exploit GuardAttack Surface Reduction rulesMedium01FailedMedium
1901Microsoft Defender Exploit GuardASR: Block executable content from email client and webmail (Policy)Medium01FailedMedium
1916Microsoft Defender Exploit GuardASR: Block executable content from email client and webmailMedium01FailedMedium
1933Microsoft Defender Exploit GuardASR: Block executable content from email client and webmail (Intune)Medium01FailedMedium
1902Microsoft Defender Exploit GuardASR: Block all Office applications from creating child processes (Policy)Medium01FailedMedium
1917Microsoft Defender Exploit GuardASR: Block all Office applications from creating child processesMedium01FailedMedium
1934Microsoft Defender Exploit GuardASR: Block all Office applications from creating child processes (Intune)Medium01FailedMedium
1903Microsoft Defender Exploit GuardASR: Block Office applications from creating executable content (Policy)Medium01FailedMedium
1918Microsoft Defender Exploit GuardASR: Block Office applications from creating executable contentMedium01FailedMedium
1935Microsoft Defender Exploit GuardASR: Block Office applications from creating executable content (Intune)Medium01FailedMedium
1904Microsoft Defender Exploit GuardASR: Block Office applications from injecting code into other processes (Policy)Medium01FailedMedium
1919Microsoft Defender Exploit GuardASR: Block Office applications from injecting code into other processesMedium01FailedMedium
1936Microsoft Defender Exploit GuardASR: Block Office applications from injecting code into other processes (Intune)Medium01FailedMedium
1905Microsoft Defender Exploit GuardASR: Block JavaScript or VBScript from launching downloaded executable content (Policy)Medium01FailedMedium
1920Microsoft Defender Exploit GuardASR: Block JavaScript or VBScript from launching downloaded executable contentMedium01FailedMedium
1937Microsoft Defender Exploit GuardASR: Block JavaScript or VBScript from launching downloaded executable content (Intune)Medium01FailedMedium
1906Microsoft Defender Exploit GuardASR: Block execution of potentially obfuscated scripts (Policy)Medium01FailedMedium
1921Microsoft Defender Exploit GuardASR: Block execution of potentially obfuscated scriptsMedium01FailedMedium
1938Microsoft Defender Exploit GuardASR: Block execution of potentially obfuscated scripts (Intune)Medium01FailedMedium
1907Microsoft Defender Exploit GuardASR: Block Win32 API calls from Office macros (Policy)Medium01FailedMedium
1922Microsoft Defender Exploit GuardASR: Block Win32 API calls from Office macrosMedium01FailedMedium
1939Microsoft Defender Exploit GuardASR: Block Win32 API calls from Office macros (Intune)Medium01FailedMedium
1908Microsoft Defender Exploit GuardASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion (Policy)Medium01FailedMedium
1923Microsoft Defender Exploit GuardASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterionMedium01FailedMedium
1940Microsoft Defender Exploit GuardASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion (Intune)Medium01FailedMedium
1909Microsoft Defender Exploit GuardASR: Use advanced protection against ransomware (Policy)Medium01FailedMedium
1924Microsoft Defender Exploit GuardASR: Use advanced protection against ransomwareMedium01FailedMedium
1941Microsoft Defender Exploit GuardASR: Use advanced protection against ransomware (Intune)Medium01FailedMedium
| 1910 | Microsoft Defender Exploit Guard | ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Policy) | Medium | 0 | 1 | Failed | Medium |
| 1925 | Microsoft Defender Exploit Guard | ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) | Medium | 0 | 1 | Failed | Medium |
| 1942 | Microsoft Defender Exploit Guard | ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Intune) | Medium | 0 | 1 | Failed | Medium |
| 1911 | Microsoft Defender Exploit Guard | ASR: Block process creations originating from PSExec and WMI commands (Policy) | Medium | 0 | 1 | Failed | Medium |
| 1926 | Microsoft Defender Exploit Guard | ASR: Block process creations originating from PSExec and WMI commands | Medium | 0 | 1 | Failed | Medium |
| 1943 | Microsoft Defender Exploit Guard | ASR: Block process creations originating from PSExec and WMI commands (Intune) | Medium | 0 | 1 | Failed | Medium |
| 1912 | Microsoft Defender Exploit Guard | ASR: Block untrusted and unsigned processes that run from USB (Policy) | Medium | 0 | 1 | Failed | Medium |
| 1927 | Microsoft Defender Exploit Guard | ASR: Block untrusted and unsigned processes that run from USB | Medium | 0 | 1 | Failed | Medium |
| 1944 | Microsoft Defender Exploit Guard | ASR: Block untrusted and unsigned processes that run from USB (Intune) | Medium | 0 | 1 | Failed | Medium |
| 1913 | Microsoft Defender Exploit Guard | ASR: Block Office communication application from creating child processes (Policy) | Medium | 0 | 1 | Failed | Medium |
| 1928 | Microsoft Defender Exploit Guard | ASR: Block Office communication application from creating child processes | Medium | 0 | 1 | Failed | Medium |
| 1945 | Microsoft Defender Exploit Guard | ASR: Block Office communication application from creating child processes (Intune) | Medium | 0 | 1 | Failed | Medium |
| 1914 | Microsoft Defender Exploit Guard | ASR: Block Adobe Reader from creating child processes (Policy) | Medium | 0 | 1 | Failed | Medium |
| 1929 | Microsoft Defender Exploit Guard | ASR: Block Adobe Reader from creating child processes | Medium | 0 | 1 | Failed | Medium |
| 1946 | Microsoft Defender Exploit Guard | ASR: Block Adobe Reader from creating child processes (Intune) | Medium | 0 | 1 | Failed | Medium |
| 1915 | Microsoft Defender Exploit Guard | ASR: Block persistence through WMI event subscription (Policy) | Medium | 0 | 1 | Failed | Medium |
| 1930 | Microsoft Defender Exploit Guard | ASR: Block persistence through WMI event subscription | Medium | 0 | 1 | Failed | Medium |
| 1947 | Microsoft Defender Exploit Guard | ASR: Block persistence through WMI event subscription (Intune) | Medium | 0 | 1 | Failed | Medium |
| 1931 | Microsoft Defender Exploit Guard | ASR: Block abuse of exploited vulnerable signed drivers (Policy) | Medium | 0 | 1 | Failed | Medium |
| 1932 | Microsoft Defender Exploit Guard | ASR: Block abuse of exploited vulnerable signed drivers | Medium | 0 | 1 | Failed | Medium |
| 1948 | Microsoft Defender Exploit Guard | ASR: Block abuse of exploited vulnerable signed drivers (Intune) | Medium | 0 | 1 | Failed | Medium |
| 1966 | Microsoft Defender Exploit Guard | ASR: Exclude files and paths from Attack Surface Reduction Rules (Policy) | Passed | | | Passed | Medium |
| 1967 | Microsoft Defender Exploit Guard | ASR: Exclude files and paths from Attack Surface Reduction Rules | Passed | | | Passed | Medium |
| 1968 | Microsoft Defender Exploit Guard | ASR: Exclude files and paths from Attack Surface Reduction Rules (Intune) | Passed | | | Passed | Medium |
| 1965 | Microsoft Defender Exploit Guard | Network Protection: Prevent users and apps from accessing dangerous websites | Medium | | 1 | Failed | Medium |
| 1767 | Administrative Templates: Windows Components | News and interests: Enable news and interests on the taskbar | Medium | | 0 | Failed | Medium |
| 1733 | Administrative Templates: Windows Components | OneDrive: Prevent the usage of OneDrive for file storage | Medium | 0 | 1 | Failed | Medium |
| 1734 | Administrative Templates: Windows Components | Remote Desktop Connection Client: Do not allow passwords to be saved | Medium | 0 | 1 | Failed | Medium |
| 1735 | Administrative Templates: Windows Components | Remote Desktop Session Host: Allow users to connect remotely by using Remote Desktop Services | Medium | 0 | 1 | Failed | Medium |
| 1736 | Administrative Templates: Windows Components | Remote Desktop Session Host: Device and Resource Redirection: Do not allow drive redirection | Medium | 0 | 1 | Failed | Medium |
| 1737 | Administrative Templates: Windows Components | Remote Desktop Session Host: Security: Always prompt for password upon connection | Medium | 0 | 1 | Failed | Medium |
| 1738 | Administrative Templates: Windows Components | Remote Desktop Session Host: Security: Require secure RPC communication | Medium | 0 | 1 | Failed | Medium |
| 1739 | Administrative Templates: Windows Components | Remote Desktop Session Host: Security: Set client connection encryption level | Medium | 0 | 3 | Failed | Medium |
| 1740 | Administrative Templates: Windows Components | Search: Allow Cloud Search | Medium | 1 | 0 | Failed | Medium |
| 1741 | Administrative Templates: Windows Components | Search: Allow Cortana | Passed | 0 | 0 | Passed | Medium |
| 1742 | Administrative Templates: Windows Components | Search: Allow Cortana above lock screen | Medium | 1 | 0 | Failed | Medium |
| 1743 | Administrative Templates: Windows Components | Search: Allow indexing of encrypted files | Medium | 1 | 0 | Failed | Medium |
| 1744 | Administrative Templates: Windows Components | Search: Allow search and Cortana to use location | Medium | 1 | 0 | Failed | Medium |
| 1745 | Administrative Templates: Windows Components | Search: Set what information is shared in Search | Medium | 1 | 3 | Failed | Medium |
| 1746 | Administrative Templates: Windows Components | Windows Error Reporting: Disable Windows Error Reporting | Passed | 1 | 1 | Passed | Medium |
| 1747 | Administrative Templates: Windows Components | Windows Game Recording and Broadcasting: Enables or disables Windows Game Recording and Broadcasting | Low | 1 | 0 | Failed | Low |
| 1748 | Administrative Templates: Windows Components | Windows Ink Workspace: Allow Windows Ink Workspace | Passed | 0 | 0 | Passed | Medium |
| 1749 | Administrative Templates: Windows Components | Windows Installer: Always install with elevated privileges | Passed | 0 | 0 | Passed | Medium |
| 1750 | Administrative Templates: Windows Components | Windows Installer: Allow user control over installs | Medium | 1 | 0 | Failed | Medium |
| 1751 | Administrative Templates: Windows Components | Windows Installer: Prevent Internet Explorer security prompt for Windows Installer scripts | Medium | 1 | 0 | Failed | Medium |
| 1752 | Administrative Templates: Windows Components | Windows Logon Options: Sign-in and lock last interactive user automatically after a restart | Medium | 0 | 1 | Failed | Medium |
| 1770 | Administrative Templates: Windows Components | Windows Installer: Disable Co-Installer (USB AutoInstall) | Medium | | 1 | Failed | Medium |
| 1753 | Administrative Templates: Windows Components | WinRM Client: Allow Basic authentication | Medium | 1 | 0 | Failed | Medium |
| 1754 | Administrative Templates: Windows Components | WinRM Client: Allow unencrypted traffic | Medium | 1 | 0 | Failed | Medium |
| 1755 | Administrative Templates: Windows Components | WinRM Client: Disallow Digest authentication | Medium | 1 | 0 | Failed | Medium |
| 1756 | Administrative Templates: Windows Components | WinRM Service: Allow remote server management through WinRM | Medium | 1 | 0 | Failed | Medium |
| 1757 | Administrative Templates: Windows Components | WinRM Service: Allow Basic authentication | Medium | 1 | 0 | Failed | Medium |
| 1758 | Administrative Templates: Windows Components | WinRM Service: Allow unencrypted traffic | Medium | 1 | 0 | Failed | Medium |
| 1759 | Administrative Templates: Windows Components | WinRM Service: Disallow WinRM from storing RunAs credentials | Medium | 0 | 1 | Failed | Medium |
| 1760 | Administrative Templates: Windows Components | Windows Remote Shell: Allow Remote Shell Access | Medium | 1 | 0 | Failed | Medium |
| 2000 | Administrative Templates: Windows Components | File Explorer: Configure Windows Defender SmartScreen | Medium | 0 | 1 | Failed | Medium |
| 2001 | Administrative Templates: Windows Components | File Explorer: Configure Windows Defender SmartScreen to warn and prevent bypass | Medium | Warn | Block | Failed | Medium |
| 2105 | PowerShell | Turn on PowerShell Module Logging | Low | 0 | 1 | Failed | Low |
| 2106 | PowerShell | Turn on PowerShell Module Logging - Module Names | Low | | * | Failed | Low |
| 2100 | PowerShell | Turn on PowerShell Script Block Logging | Medium | 0 | 1 | Failed | Medium |
| 2101 | PowerShell | Turn on PowerShell Script Block Logging (Invocation) | Low | 0 | 1 | Failed | Low |
| 2102 | PowerShell | Turn on PowerShell Transcription | Low | 0 | 1 | Failed | Low |
| 2107 | PowerShell | Turn on PowerShell Transcription (Invocation) | Low | 0 | 1 | Failed | Low |
| 2103 | PowerShell | Disable PowerShell version 2 | Medium | Enabled | Disabled | Failed | Medium |
| 2104 | PowerShell | Disable PowerShell version 2 (root) | Medium | Enabled | Disabled | Failed | Medium |
| 2200 | MS Security Guide | LSA Protection | Medium | | 1 | Failed | Medium |
| 2201 | MS Security Guide | Lsass.exe audit mode | Low | | 8 | Failed | Low |
| 2202 | MS Security Guide | NetBT NodeType configuration | Medium | 0 | 2 | Failed | Medium |
| 2203 | MS Security Guide | WDigest Authentication | Passed | 0 | 0 | Passed | High |
| 2209 | MS Security Guide | Enable Structured Exception Handling Overwrite Protection (SEHOP) | Passed | 0 | 0 | Passed | Medium |
| 2210 | MS Security Guide | Limits print driver installation to Administrators | Medium | | 1 | Failed | Medium |
| 2211 | MS Security Guide | Configure RPC packet level privacy setting for incoming connections | Medium | | 1 | Failed | Medium |
| 2212 | MS Security Guide | Manage processing of Queue-specific files | Medium | | 1 | Failed | Medium |
| 2204 | MSS (Legacy) | MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | Medium | 0 | 1 | Failed | Medium |
| 2205 | MSS (Legacy) | MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | Medium | 0 | 2 | Failed | Medium |
| 2206 | MSS (Legacy) | MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | Medium | 1 | 2 | Failed | Medium |
| 2207 | MSS (Legacy) | MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | Medium | 1 | 0 | Failed | Medium |
| 2208 | MSS (Legacy) | MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | Medium | 0 | 1 | Failed | Medium |
| 2400 | Scheduled Task | XblGameSave Standby Task | Medium | Ready | Disabled | Failed | Medium |
| 2411 | System Services | Disable mDNS in Dnscache service | Medium | | 0 | Failed | Medium |
| 2401 | System Services | Print Spooler (Spooler) | Medium | 3 | 4 | Failed | Medium |
| 2402 | System Services | Print Spooler (Spooler) (Service Startup type) | Medium | Manual | Disabled | Failed | Medium |
| 2412 | System Services | WebClient (WebClient) | Medium | 3 | 4 | Failed | Medium |
| 2413 | System Services | WebClient (WebClient) (Service Startup type) | Medium | Manual | Disabled | Failed | Medium |
| 2403 | System Services | Xbox Accessory Management Service (XboxGipSvc) | Medium | 3 | 4 | Failed | Medium |
| 2404 | System Services | Xbox Accessory Management Service (XboxGipSvc) (Service Startup type) | Medium | Manual | Disabled | Failed | Medium |
| 2405 | System Services | Xbox Live Auth Manager (XblAuthManager) | Medium | 3 | 4 | Failed | Medium |
| 2406 | System Services | Xbox Live Auth Manager (XblAuthManager) (Service Startup type) | Medium | Manual | Disabled | Failed | Medium |
| 2407 | System Services | Xbox Live Game Save (XblGameSave) | Medium | 3 | 4 | Failed | Medium |
| 2408 | System Services | Xbox Live Game Save (XblGameSave) (Service Startup type) | Medium | Manual | Disabled | Failed | Medium |
| 2409 | System Services | Xbox Live Networking Service (XboxNetApiSvc) | Medium | 3 | 4 | Failed | Medium |
| 2410 | System Services | Xbox Live Networking Service (XboxNetApiSvc) (Service Startup type) | Medium | Manual | Disabled | Failed | Medium |
| 1950 | Microsoft Defender Exploit Guard | Exploit protection: Control flow guard (CFG) | Medium | NOTSET | ON | Failed | Medium |
| 1951 | Microsoft Defender Exploit Guard | Exploit protection: Data Execution Prevention (DEP) | Medium | NOTSET | ON | Failed | Medium |
| 1952 | Microsoft Defender Exploit Guard | Exploit protection: Override Data Execution Prevention (DEP) | Passed | False | False | Passed | Medium |
| 1954 | Microsoft Defender Exploit Guard | Exploit protection: Force randomization for images (Mandatory ASLR) | Medium | NOTSET | ON | Failed | Medium |
| 1955 | Microsoft Defender Exploit Guard | Exploit protection: Override force randomization for images (Mandatory ASLR) | Passed | False | False | Passed | Medium |
| 1956 | Microsoft Defender Exploit Guard | Exploit protection: Randomize memory allocations (Bottom-up ASLR) | Medium | NOTSET | ON | Failed | Medium |
| 1957 | Microsoft Defender Exploit Guard | Exploit protection: Override randomize memory allocations (Bottom-up ASLR) | Passed | False | False | Passed | Medium |
| 1958 | Microsoft Defender Exploit Guard | Exploit protection: High-entropy ASLR | Medium | NOTSET | ON | Failed | Medium |
| 1959 | Microsoft Defender Exploit Guard | Exploit protection: Override high-entropy ASLR | Passed | False | False | Passed | Medium |
| 1960 | Microsoft Defender Exploit Guard | Exploit protection: Validate exception chains (SEHOP) | Medium | NOTSET | ON | Failed | Medium |
| 1961 | Microsoft Defender Exploit Guard | Exploit protection: Validate exception chains (SEHOP (Telemetry only) | Medium | NOTSET | OFF | Failed | Medium |
| 1962 | Microsoft Defender Exploit Guard | Exploit protection: Override validate exception chains (SEHOP) | Passed | False | False | Passed | Medium |
| 1963 | Microsoft Defender Exploit Guard | Exploit protection: Validate heap integrity | Medium | NOTSET | ON | Failed | Medium |
| 1964 | Microsoft Defender Exploit Guard | Exploit protection: Override validate heap integrity | Passed | False | False | Passed | Medium |
| 1953 | Microsoft Defender Exploit Guard | Force use of Data Execution Prevention (DEP) | Medium | OptIn | AlwaysOn | Failed | Medium |
| 2300 | Windows Firewall | HardeningKitty-Block-TCP-NetBIOS | Low | | True | Failed | Low |
| 2301 | Windows Firewall | HardeningKitty-Block-TCP-RDP | Low | | True | Failed | Low |
| 2302 | Windows Firewall | HardeningKitty-Block-TCP-RPC | Low | | True | Failed | Low |
| 2303 | Windows Firewall | HardeningKitty-Block-TCP-SMB | Low | | True | Failed | Low |
| 2304 | Windows Firewall | HardeningKitty-Block-TCP-WinRM | Low | | True | Failed | Low |
| 2305 | Windows Firewall | HardeningKitty-Block-UDP-NetBIOS | Low | | True | Failed | Low |
| 2306 | Windows Firewall | HardeningKitty-Block-UDP-RPC | Low | | True | Failed | Low |
| 2307 | Windows Firewall | HardeningKitty-Block-calc-x64 | Low | | True | Failed | Low |
| 2308 | Windows Firewall | HardeningKitty-Block-calc-x86 | Low | | True | Failed | Low |
| 2309 | Windows Firewall | HardeningKitty-Block-certutil-x64 | Low | | True | Failed | Low |
| 2310 | Windows Firewall | HardeningKitty-Block-certutil-x86 | Low | | True | Failed | Low |
| 2311 | Windows Firewall | HardeningKitty-Block-conhost-x64 | Low | | True | Failed | Low |
| 2312 | Windows Firewall | HardeningKitty-Block-conhost-x86 | Low | | True | Failed | Low |
| 2313 | Windows Firewall | HardeningKitty-Block-cscript-x64 | Low | | True | Failed | Low |
| 2314 | Windows Firewall | HardeningKitty-Block-cscript-x86 | Low | | True | Failed | Low |
| 2315 | Windows Firewall | HardeningKitty-Block-mshta-x64 | Low | | True | Failed | Low |
| 2316 | Windows Firewall | HardeningKitty-Block-mshta-x86 | Low | | True | Failed | Low |
| 2317 | Windows Firewall | HardeningKitty-Block-notepad-x64 | Low | | True | Failed | Low |
| 2318 | Windows Firewall | HardeningKitty-Block-notepad-x86 | Low | | True | Failed | Low |
| 2319 | Windows Firewall | HardeningKitty-Block-RunScriptHelper-x64 | Low | | True | Failed | Low |
| 2320 | Windows Firewall | HardeningKitty-Block-RunScriptHelper-x86 | Low | | True | Failed | Low |
| 2321 | Windows Firewall | HardeningKitty-Block-wscript-x64 | Low | | True | Failed | Low |
| 2322 | Windows Firewall | HardeningKitty-Block-wscript-x86 | Low | | True | Failed | Low |