Views:

The Center for Internet Security (CIS) Microsoft IIS 10 Benchmark provides prescriptive guidance for establishing a secure configuration posture for Microsoft IIS 10.

  • Is Apex One and Apex Central compatible with applying all the CIS Microsoft IIS 10 Benchmark?

    Trend Micro Apex One and Apex Central products support most CIS Microsoft IIS 10 benchmark recommendations except item 4.7. (Ensure Unlisted File Extensions are not allowed) and item 4.11. (Ensure ‘Dynamic IP Address Restrictions’ is enabled) which are not supported. This finding is based on internal tracker cases verified by Trend Micro RD.

  • Why is “Ensure Unlisted File Extensions are not allowed” not supported?

    Trend Micro does not recommend customers to uncheck or disable the "Allow unlisted file name extensions" option from the Request Filtering section of the IIS as this would generate lots of temp files (no filename extensions) or lots of audit logs for update/upgrade purposes.

  • Why is “Ensure ‘Dynamic IP Address Restrictions’ is enabled” not supported?

    This option mainly limits connections for addresses or connection speeds, and there is no need to do this because many logs and events from agents are events-driven. Enabling this causes widget UI errors.

  • Can the customer request Trend Micro to apply the CIS Microsoft IIS 10 Benchmark on their servers?

    No. The CIS Microsoft IIS 10 Benchmark implementation is done by the customer's system and application administrators, Wintel or platform deployment personnel, or the IT Service Delivery team. Trend Micro can assist and work closely with the customer in deploying Trend Micro products on their environment.

Customers can contact Trend Micro's 24/7 Technical Support hotline to raise product issues.

Keywords: FAQs,common questions,common issues,general questions,CIS Microsoft IIS 10 Benchmark compatibility