From 6410a3b3c5abd4562a2793e1889b16a8eab3c5e7 Mon Sep 17 00:00:00 2001 From: afdesk Date: Thu, 7 Dec 2023 07:24:57 +0600 Subject: [PATCH] add policy section 18.9.46 --- cfg/2.0.0/definitions.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)
diff --git a/cfg/2.0.0/definitions.yaml b/cfg/2.0.0/definitions.yaml
index 732bfda..2d9cf95 100644
--- a/cfg/2.0.0/definitions.yaml
+++ b/cfg/2.0.0/definitions.yaml
@@ -3982,3 +3982,39 @@ groups:
 To establish the recommended configuration via GP, set the following UI path to 'Enabled: Audit' (configuring to 'Enabled: Block' also conforms to the benchmark):
 Computer Configuration\Policies\Administrative Templates\System\Security Account Manager\Configure validation of ROCA-vulnerable WHfB keys during authentication
 scored: true
+ - id: 18.9.46.5.1
+ description: "Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' (Automated)"
+ audittype: powershell
+ audit:
+ cmd:
+ DomainController: Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' DisableQueryRemoteServer
+ MemberServer: Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' DisableQueryRemoteServer
+ tests:
+ test_items:
+ - flag: ""
+ compare:
+ op: eq
+ value: "0"
+ set: true
+ remediation: >
+ To establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ Computer Configuration\Policies\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider
+ scored: true
+ - id: 18.9.46.11.1
+ description: "Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' (Automated)"
+ audittype: powershell
+ audit:
+ cmd:
+ DomainController: Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}' ScenarioExecutionEnabled
+ MemberServer: Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}' ScenarioExecutionEnabled
+ tests:
+ test_items:
+ - flag: ""
+ compare:
+ op: eq
+ value: "0"
+ set: true
+ remediation: >
+ To establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ Computer Configuration\Policies\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack
+ scored: true
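Review bot: Both new audits call `Get-ItemPropertyValue` on a policy value that is absent until the GPO has been configured, so on an unconfigured host the command raises an error instead of printing a value. Whether the `flag: ""` / `eq "0"` test then records a clean fail or picks up error text depends on how the runner captures command output, which is not visible in this hunk. Consider a form that prints nothing when the value is missing, e.g. `(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' -Name DisableQueryRemoteServer -ErrorAction SilentlyContinue).DisableQueryRemoteServer`, and the same for `ScenarioExecutionEnabled` in 18.9.46.11.1. It would also help to name the registry value and its expected data (`0`) in each `remediation` text, so an operator can confirm the setting without reading the audit command.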