| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-225237 | CAT II | MONT-WS-92040 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_DotNET4_V2R7_20251023-142306.ckl
Scan Date: 2026-01-14T12:57:25.530570
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-WS-92010 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_DotNET4_V2R7_20251023-141005.ckl
Scan Date: 2026-01-14T12:57:27.786540
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-VSF-004 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_DotNET4_V2R7_20251023-143711.ckl
Scan Date: 2026-01-14T12:57:29.485524
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-VSF-003 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_DotNET4_V2R7_20251023-143732.ckl
Scan Date: 2026-01-14T12:57:30.918773
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-MB-002 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_DotNET4_V2R7_20251023-152339.ckl
Scan Date: 2026-01-14T12:57:32.355929
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-DP-001 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_DotNET4_V2R7_20251023-143731.ckl
Scan Date: 2026-01-14T12:57:34.683670
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-DC-003 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_DotNET4_V2R7_20251023-171946.ckl
Scan Date: 2026-01-14T12:57:36.663331
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-DB-002 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_DotNET4_V2R7_20251023-143930.ckl
Scan Date: 2026-01-14T12:57:38.504147
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-BE-002 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_DotNET4_V2R7_20251023-143746.ckl
Scan Date: 2026-01-14T12:57:39.853926
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-AP-002 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_DotNET4_V2R7_20251023-144010.ckl
Scan Date: 2026-01-14T12:57:42.156893
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-SW-89108 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2510.0 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: MONT-SW-89108_DotNET4_V2R7_20251217-202821.ckl
Scan Date: 2026-03-04T15:25:15.828600
Technology Area: Windows Operating System
|
||||||||
| V-225237 | CAT II | MONT-SW-89134 | Microsoft DotNet Framework 4.0 Security ... | Remoting Services TCP channels must utilize authen... | - | |||
Check TextIf .NET remoting with TCP channel is not used, this check is Not Applicable. Check the machine.config and the [application executable name].exe.config configuration files. For 32-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Config For 64-bit systems, the "machine.config" file is contained in the following folder. %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Config. Microsoft specifies locating the application config file in the same folder as the application executable (.exe) file. However, the developer does have the capability to specify a different location when the application is compiled. Therefore, if the config file is not found in the application home folder, a search of the system is required. If the [application name].exe.config file is not found on the system, then only a check of the machine.config file is required. Sample machine/application config file: <application name=“remoteserver”> <service> <activated type=“sample.my.object, myobjects”/> </service> <channels> <channel ref=“tcp server” port=“6134”/> </channels> </application> <serverProviders> <provider ref="wsdl" /> <formatter ref="soap" typeFilterLevel="Full" /> <formatter ref="binary" typeFilterLevel="Full" /> </serverProviders> Microsoft provides three "channels" that are used for remoting connectivity. They are the HTTP, TCP, and IPC channels. The channel that is used is specified via the <channels> element in the config file. TCP channel example: <channel ref=“tcp” port=“6134” secure="true"/> The TCP channel provides encryption and message integrity when the "secure" flag is set to "true" as shown in the above example. If the "secure" flag is not set to "true" for the TCP channel, this is a finding. Fix TextIf .NET remoting with TCP channel is not used, this fix is Not Applicable. Ensure encryption and message integrity are used for TCP remoting channels. TCP remoting connections are protected via the secure=true configuration parameter. <channels> <channel ref="tcp" secure="true" /> </channels> Include the secure="true" flag in the channel ref parameter of the machine.config and [application name].exe.config file if the [application name].exe.config file exists on the system. Finding DetailsEvaluate-STIG 1.2510.0 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 499D611575281956E8E80B6EFACA64CD0F81EBAD ~~~~~ No machine.config or *.exe.config files found using .NET remoting with TCP channel so this requirement is NA.
Source: MONT-SW-89134_DotNET4_V2R7_20251217-201000.ckl
Scan Date: 2026-03-04T15:25:41.864254
Technology Area: Windows Operating System
|
||||||||