CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

5.33 (L2) Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled' (Scored)

ProfileApplicability:

 Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)

Description:

Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services.

The recommended state for this setting is: Disabled .

Rationale:

If a Windows Error occurs in a secure, enterprise managed environment, the error should be reported directly to IT staff for troubleshooting and remediation. There is no benefit to the corporation to report these errors directly to Microsoft, and there is some risk of unknowingly exposing sensitive data as part of the error.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc:Start

Remediation:

To establish the recommended configuration via GP, set the following UI path to: Disabled .

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Windows Error Reporting Service

Impact:

If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.

360 | P a g e