Merge remote-tracking branch 'origin/4.16.0' into dev

Author: erjenkin

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 ## [Unreleased]
 
+## [4.16.0] - 2023-03-16
+
+* Update PowerSTIG to Parse/Apply Red Hat Enterprise Linux 7 STIG V3R10: [#1193](https://github.com/microsoft/PowerStig/issues/1193)
+* Update PowerSTIG to Parse/Apply CAN_Ubuntu_18-04_LTS_V2R10_STIG: [#1191](https://github.com/microsoft/PowerStig/issues/1191)
+* Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 STIG V2R8: [#1196](https://github.com/microsoft/PowerStig/issues/1196)
+* Update PowerSTIG to Parse/Apply Google Chrome V2R8 [#1192](https://github.com/microsoft/PowerStig/issues/1192)
+* Update PowerSTIG to Parse/Apply Microsoft IIS 8.5 Site V2R7 & Server STIG V2R5 [#1195](https://github.com/microsoft/PowerStig/issues/1195)
+* Update PowerSTIG to Parse/Apply Microsoft Office 365 ProPlus V2R8 #1194: [#1194](https://github.com/microsoft/PowerStig/issues/1194)
+* Update PowerSTIG to Parse/Apply Microsoft Windows Server 2022 V1R1 STIG - Ver 1, Rel 1: [#1190](https://github.com/microsoft/PowerStig/issues/1190)
+* Update Readme to reflect all covered technologies [#1184](https://github.com/microsoft/PowerStig/issues/1184)
+
 ## [4.15.0] - 2022-12-29
 
 * Update PowerSTIG to Parse/Apply Canonical Ubuntu 18.04 LTS STIG - Ver 2, Rel 9: [#1164](https://github.com/microsoft/PowerStig/issues/1164)

FILEHASH.md

@@ -72,18 +72,31 @@ For detailed information, please see the [StigData Wiki](https://github.com/Micr
 
 PowerStig.DSC is not really a specific module, but rather a collection of PowerShell Desired State Configuration (DSC) composite resources to manage the configurable items in each STIG.
 Each composite uses [PowerStig.Data](#powerstigdata) classes to retrieve PowerStig XML.
-This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can them be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
+This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can then be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
 
 ### Composite Resources
 
 The list of STIGs that we are currently covering.
 
 |Name|Description|
 | ---- | --- |
-|[Browser](https://github.com/Microsoft/PowerStig/wiki/Browser) | Provides a mechanism to manage Browser STIG settings. |
+|[Adobe](https://github.com/Microsoft/PowerStig/wiki/Adobe)| Provides a mechanism to manage Adobe STIG settings.|
+|[Chrome](https://github.com/Microsoft/PowerStig/wiki/Chrome)| Provides a mechanism to manage Google Chrome STIG settings.|
 |[DotNetFramework](https://github.com/Microsoft/PowerStig/wiki/DotNetFramework) | Provides a mechanism to manage .Net Framework STIG settings. |
+|[Edge](https://github.com/Microsoft/PowerStig/wiki/Edge) | Provides a mechanism to manage Microsoft Edge STIG settings. |
+|[Firefox](https://github.com/Microsoft/PowerStig/wiki/Firefox) | Provides a mechanism to manage Firefox STIG settings. |
+|[IisServer](https://github.com/Microsoft/PowerStig/wiki/IisServer) | Provides a mechanism to manage IIS Server settings. |
+|[IisSite](https://github.com/Microsoft/PowerStig/wiki/IisSite) | Provides a mechanism to manage IIS Site settings. |
+|[InternetExplorer](https://github.com/Microsoft/PowerStig/wiki/InternetExplorer) | Provides a mechanism to manage Microsoft Internet Explorer settings. |
+|[McAfee](https://github.com/Microsoft/PowerStig/wiki/McAfee) | Provides a mechanism to manage McAfee settings. |
 |[Office](https://github.com/Microsoft/PowerStig/wiki/Office) | Provides a mechanism to manage Microsoft Office STIG settings. |
+|[OracleJRE](https://github.com/Microsoft/PowerStig/wiki/OracleJRE) | Provides a mechanism to manage Oracle Java Runtime Environment STIG settings. |
+|[RHEL](https://github.com/Microsoft/PowerStig/wiki/RHEL) | Provides a mechanism to manage RedHat Enterprise Linux STIG settings. |
 |[SqlServer](https://github.com/Microsoft/PowerStig/wiki/SqlServer) | Provides a mechanism to manage SqlServer STIG settings. |
+|[Ubuntu](https://github.com/Microsoft/PowerStig/wiki/Ubuntu) | Provides a mechanism to manage Ubuntu Linux STIG settings. |
+|[Vsphere](https://github.com/Microsoft/PowerStig/wiki/Vsphere) | Provides a mechanism to manage VMware Vsphere STIG settings. |
+|[WindowsClient](https://github.com/Microsoft/PowerStig/wiki/WindowsClient) | Provides a mechanism to manage Windows Client STIG settings. |
+|[WindowsDefender](https://github.com/Microsoft/PowerStig/wiki/WindowsDefender) | Provides a mechanism to manage Windows Defender STIG settings. |
 |[WindowsDnsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsDnsServer) | Provides a mechanism to manage Windows DNS Server STIG settings. |
 |[WindowsFirewall](https://github.com/Microsoft/PowerStig/wiki/WindowsFirewall) | Provides a mechanism to manage the Windows Firewall STIG settings. |
 |[WindowsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsServer) | Provides a mechanism to manage the Windows Server STIG settings. |
@@ -134,3 +147,4 @@ We are especially thankful for those who have contributed pull requests to the c
 * [@mikedzikowski](https://github.com/mikedzikowski) (Mike Dzikowski)
 * [@togriffith](https://github.com/mikedzikowski) (Tony Griffith)
 * [@hinderjd](https://github.com/hinderjd) (James Hinders)
+* [@ruandersMSFT](https://github.com/ruandersMSFT) (Russell Anderson)

README.md

@@ -86,6 +86,8 @@ data exclusionRuleList
         V-204440 = 'RHEL: At present, unable to automate rule'
         V-204456 = 'RHEL: At present, unable to automate rule'
         V-228564 = 'RHEL: At present, unable to automate rule'
+        V-251704 = 'RHEL: At present, unable to automate rule'
+        V-255927 = 'RHEL: At present, unable to automate rule'
         V-219151 = 'Ubuntu: At present, unable to automate rule'
         V-219155 = 'Ubuntu: At present, unable to automate rule'
         V-219164 = 'Ubuntu: At present, unable to automate rule'
@@ -103,6 +105,16 @@ data exclusionRuleList
         V-219326 = 'Ubuntu: At present, unable to automate rule'
         V-219331 = 'Ubuntu: At present, unable to automate rule'
         V-219341 = 'Ubuntu: At present, unable to automate rule'
+        V-219159 = 'Ubuntu: At present, unable to automate rule'
+        V-219163 = 'Ubuntu: At present, unable to automate rule'
+        V-219228 = 'Ubuntu: At present, unable to automate rule'
+        V-219229 = 'Ubuntu: At present, unable to automate rule'
+        V-219230 = 'Ubuntu: At present, unable to automate rule'
+        V-219231 = 'Ubuntu: At present, unable to automate rule'
+        V-219232 = 'Ubuntu: At present, unable to automate rule'
+        V-219233 = 'Ubuntu: At present, unable to automate rule'
+        V-219330 = 'Ubuntu: At present, unable to automate rule'
+        V-255907 = 'Ubuntu: At present, unable to automate rule'
         V-235722 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
         V-235753 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
         V-235755 = 'Edge: Rule requires an unknown list and count of whitelisted extensions, unable to automate rule'

source/Module/Common/Convert/Data.ps1

@@ -451,6 +451,7 @@ function Split-BenchmarkId
             # The Windows Server 2012 and 2012 R2 STIGs are combined, so return the 2012R2
             $id = $id -replace '_2012_', '_2012R2_'
             $returnId = $id -replace ($windowsVariations -join '|'), 'WindowsServer'
+            $returnId = $returnId -replace 'MS_', ''
             continue
         }
         {$PSItem -match "Active_Directory"}
@@ -514,8 +515,8 @@ function Split-BenchmarkId
         {$PSItem -match 'Ubuntu'}
         {
             $ubuntuId = $id -split '_'
-            $ubuntuVersion = $ubuntuId[3] -replace '-', '.'
-            $returnId = '{0}_{1}' -f $ubuntuId[2], $ubuntuVersion
+            $ubuntuVersion = $ubuntuId[-1] -replace '-', '.'
+            $returnId = '{0}_{1}' -f $ubuntuId[-2], $ubuntuVersion
             continue
         }
         default

source/Module/Common/Functions.XccdfXml.ps1

@@ -66,6 +66,9 @@ class AuditPolicyRuleConvert : AuditPolicyRule
         $thisSubcategory = $regex.Groups.Where(
             {$_.Name -eq 'subcategory'}
         ).Value
+        
+        # Windows STIGS have 'Audit Audit' as part of the string, but the actual policy is 'Audit Policy Change'
+        $thisSubcategory = $thisSubcategory -replace 'Audit Audit', 'Audit'
 
         if (-not $this.SetStatus($thisSubcategory))
         {

source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1

@@ -6,7 +6,7 @@
     RootModule = 'PowerStig.psm1'
 
     # Version number of this module.
-    ModuleVersion = '4.15.0'
+    ModuleVersion = '4.16.0'
 
     # ID used to uniquely identify this module
     GUID = 'a132f6a5-8f96-4942-be25-b213ee7e4af3'

source/PowerStig.psd1

@@ -1,4 +1,4 @@
-V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name 
+V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name
 V-221562::3. If the a registry value name of 1 does not exist under that key or its value is not set to *::3. If the 1 value name does not exist under that key or its value data is not set to *
 V-221597::3. If the “::3. If the "
 V-221599::3. If the key "DeveloperToolsAvailability"::3. If the "DeveloperToolsAvailability" value name
@@ -10,4 +10,4 @@ V-221588::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ke
 V-221596::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'AutoplayAllowlist'; ValueType = 'MultiString';  ValueData = $null; OrganizationValueTestString = "{0} -eq 'a list of administrator-approved URLs"}
 V-234701::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'SSLVersionMin'; ValueType = 'String';  ValueData = 'tls1.2'}
 V-245539::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Absent'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'CookiesSessionOnlyForUrls'}
-V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}
+V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}

source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R7_Manual-xccdf.log

@@ -1,4 +1,4 @@
-V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name 
+V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name
 V-221562::3. If the a registry value name of 1 does not exist under that key or its value is not set to *::3. If the 1 value name does not exist under that key or its value data is not set to *
 V-221597::3. If the “::3. If the "
 V-221599::3. If the key "DeveloperToolsAvailability"::3. If the "DeveloperToolsAvailability" value name

source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R6_Manual-xccdf.log renamed to source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R8_Manual-xccdf.log

@@ -22,7 +22,7 @@ V-204511::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; Contains
 V-204512::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audisp/audisp-remote.conf'; OrganizationValueTestString = 'the "network_failure_action" option is set to "SYSLOG", "SINGLE", or "HALT"; i.e.: "network_failure_action = syslog" '}
 V-204515::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audit/auditd.conf'; OrganizationValueTestString = 'the value of the "action_mail_acct" keyword is set to "root" and/or other accounts for security personnel; i.e.: "action_mail_acct = root" '}
 V-204576::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null; FilePath = '/etc/security/limits.d/204576-powerstig.conf'; OrganizationValueTestString = 'the "maxlogins" value is set to "10" or less '}
-V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
+V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/bashrc'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
 V-204584::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'kernel.randomize_va_space = 2'; FilePath = '/etc/sysctl.d/204584-powerstig.conf'}
 V-204609::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.accept_source_route = 0'; FilePath = '/etc/sysctl.d/204609-powerstig.conf'}
 V-204610::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.rp_filter = 1'; FilePath = '/etc/sysctl.d/204610-powerstig.conf'}
@@ -40,4 +40,4 @@ V-237635::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null
 V-244557::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/grub2/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/grub2/grub.cfg'}
 V-244558::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/efi/EFI/redhat/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg'}
 V-250314::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = '%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL'; FilePath = '/etc/sudoers.d/250314-powerstig.conf'}
-V-251704::*::HardCodedRule(ManualRule)@{DscResource = 'None'}
+V-255926::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = $null; OrganizationValueTestString = 'Specify either tmux or screen depending on preference'}

source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R6_Manual-xccdf.xml renamed to source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R8_Manual-xccdf.xml

@@ -8,3 +8,4 @@ V-219303::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc
 V-219306::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'auth.*,authpriv.* /var/log/secure'; DoesNotContainPattern = '#\s*auth\.\*,\s*authpriv\.\*.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'daemon.notice /var/log/messages'; DoesNotContainPattern = '#\sdaemon.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}
 V-219307::Ciphers aes256-ctr,aes192-ctr, aes128-ctr::Ciphers aes256-ctr,aes192-ctr,aes128-ctr
 V-219339::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'install usb-storage /bin/true'; DoesNotContainPattern = '#\s*install\s*usb-storage\s*/bin/true'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'blacklist usb-storage'; DoesNotContainPattern = '#\s*blacklist\s*usb-storage'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}
+V-219343::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = 'aide'}

source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R8_Manual-xccdf.log renamed to source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R10_Manual-xccdf.log

@@ -31,8 +31,8 @@ V-223355::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; En
 V-223358::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security'; ValueName = 'usecrlchasing' ;ValueType = 'Dword'; ValueData = '1'}
 V-223376::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Project\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223377::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\powerpoint\security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
-V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
-V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
+V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
+V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
 V-223393::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Visio\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223417::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223309::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility'; ValueData = 'Block all Flash activation'; ValueName = 'COMMENT'; ValueType = 'String'}