Microsoft Security Baseline: What is Block DVR security reasoning?

Ana 1 Reputation point
2022-11-08T10:21:26.503+00:00

Hello,

A question has been brought up by one of the employees after integration with Intune: why is "Block DVR: Enabled" a default setting in the Microsoft Security Baseline? I would like to know the reason why this decision was taken by Microsoft. I need to understand the reasoning and the security concerns of this feature before changing the baseline default to allow DVR to be used.

When doing some research I discovered that DVR is considered a vulnerability for CCTV devices and IoT Cameras.
I have also discovered that there are a couple of vulnerability disclosures about .dvr-ms that affected older versions of Microsoft and didn't have mentions of Xbox Game Bar or Windows 10.

MS11-015
MS11-092
CVE-2011-0042
CVE-2011-0032
CVE-2011-3401

I have not found instances where Xbox Game Bar uses the .dvr-ms files therefore I do not yet see the exploit path through the software.

Some of our engineers find the recording feature of the Xbox Game Bar to be beneficial when recording tutorials and instructions to be shared with the rest of the users.

Thank you


1 answer

  1. Crystal-MSFT 44,841 Reputation points Microsoft Vendor
    2022-11-09T02:11:42.72+00:00

    @Ana, in fact, the setting in the baseline's default configuration is recommended by the relevant security team.
    https://learn.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-november-2021

    For the setting "Block game DVR (desktop only)", it specifies whether DVR and broadcasting are allowed.
    https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowgamedvr

    The Microsoft Game Development Kit (GDK) includes a set of APIs for broadcast notifications that show broadcasting UI, adding metadata to screenshots, video clips, broadcast, and capturing diagnostic screenshots and video.
    https://learn.microsoft.com/en-us/gaming/gdk/_content/gc/system/overviews/gamedvr-broadcast

    Based on my research, sometimes it may capture some unwanted screenshots, which may cause risk. I think this may be the reason to disable it by default. If you want to know more about the setting, you can open a new thread and add the "windows-10 security" tag to see if you can get more help.

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
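Before changing the baseline, it helps to see what the setting actually does on a device. The ApplicationManagement/AllowGameDVR policy linked in the answer is backed by the "Windows Game Recording and Broadcasting" ADMX policy, which writes a machine-wide registry value; the Settings toggle a user sees is a separate per-user value. The following PowerShell audit function is an added example, not code from the thread or from Microsoft's documentation. The HKLM policy path and value name come from the GameDVR ADMX; the per-user GameConfigStore value and the PolicyManager path used for Intune-delivered CSP policies are assumptions that should be confirmed on your own build.

```powershell
# Added example (not from the thread): report the effective Game DVR policy state on a
# Windows 10/11 device so a baseline change can be verified before and after deployment.
#
# Assumptions, labelled:
#   - $policyPath/AllowGameDVR is the value written by the GameDVR.admx policy
#     ("Windows Components > Windows Game Recording and Broadcasting").
#   - $userPath/GameDVR_Enabled is the current user's toggle from the Settings app.
#   - $cspPath is where an Intune-delivered ApplicationManagement/AllowGameDVR
#     policy is mirrored by the MDM PolicyManager (assumed location).

function Get-GameDvrPolicyState {
    [CmdletBinding()]
    param()

    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR'
    $userPath   = 'HKCU:\System\GameConfigStore'
    $cspPath    = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\ApplicationManagement'

    # Helper: read one DWORD value, returning $null when the key or value is absent.
    function Read-Dword([string]$Path, [string]$Name) {
        if (-not (Test-Path -Path $Path)) { return $null }
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        return $item.$Name
    }

    $policyValue = Read-Dword -Path $policyPath -Name 'AllowGameDVR'   # 0 = blocked, 1 = allowed
    $cspValue    = Read-Dword -Path $cspPath    -Name 'AllowGameDVR'   # same semantics, MDM channel
    $userValue   = Read-Dword -Path $userPath   -Name 'GameDVR_Enabled' # 0 = user turned it off

    # The machine policy wins: 0 blocks DVR regardless of the user toggle, 1 explicitly
    # allows it, and no policy at all leaves the decision to the user (Windows default is on).
    $effective = switch ($policyValue) {
        0       { 'Blocked by policy (matches the Security Baseline default)' }
        1       { 'Allowed by policy (baseline default has been overridden)' }
        default {
            if ($userValue -eq 0) { 'Not configured by policy; disabled by the user' }
            else                  { 'Not configured by policy; enabled (Windows default)' }
        }
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        PolicyAllowGameDVR   = $policyValue
        MdmCspAllowGameDVR   = $cspValue
        UserGameDvrEnabled   = $userValue
        EffectiveState       = $effective
        BaselineCompliant    = ($policyValue -eq 0)
    }
}

# Usage: no elevation is needed to read these keys. Run on a device that has received
# the baseline and again after any exception policy is assigned, and compare the output.
Get-GameDvrPolicyState | Format-List
```

Reading the policy value rather than the user toggle is the point of the check: if an engineer reports that recording "does not work", this shows whether the baseline (AllowGameDVR = 0) is what is blocking it, which is the state you would expect while the baseline default is still in place. If you do decide to allow DVR for a subset of engineers, the same function run on a device in that group should report AllowGameDVR = 1 and BaselineCompliant = False, making the exception visible rather than silent.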