We installed Network Performance Monitor 11.5.3 (I think that's the version) on a pre-hardened image of Windows 2012 R2. This Windows installation already had FIPS turned on. After the installation, we went through the Microsoft .NET Framework 4.0 DISA STIG against the machine. We discovered that the checklist item number v-30926 failed. It appears that the "enforceFIPSPolicy" parameter in the .NET Common Language Runtime configuration got changed to "false". The only thing that had changed was installing SolarWinds NPM. Is this something that the SolarWinds NPM installation changes?
We also noticed that it failed v-30968 in the same STIG checklist. The check content for this item wants us to:
"Open Windows explorer and search for *.exe.config.
Search each config file found for the "loadFromRemoteSources" element.
If the loadFromRemoteSources element is enabled ("loadFromRemoteSources enabled = true"), and the remotely loaded application is not run in a sandboxed environment, or if OS based software controls, such as AppLocker or Software Security Policies, are not utilized, this is a finding."
We found that Orion.ActiveDiagnostics.exe.config had that property set to true. Is this typical? Can it be changed?
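
The manual search quoted in the post can be scripted. The following is an added example, not part of the original post and not SolarWinds or DISA code: it parses each `*.exe.config` and `machine.config` under a directory and reports the `enabled` value of the two `<runtime>` elements the post mentions. The function name `Find-DotNetStigSetting`, the demo directory and the sample config file are assumptions constructed for illustration.

```powershell
# Added example (not from the original post). Reports, per config file, the
# two <runtime> settings the post discusses and whether each needs review.
function Find-DotNetStigSetting {
    param([Parameter(Mandatory)][string[]]$Path)

    # Element name -> value of "enabled" that makes it worth reviewing.
    $watch = @{
        'loadFromRemoteSources' = 'true'    # item v-30968 in the post
        'enforceFIPSPolicy'     = 'false'   # item v-30926 in the post
    }

    Get-ChildItem -Path $Path -Include '*.exe.config', 'machine.config' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            try { $xml = [xml](Get-Content -LiteralPath $file -Raw -ErrorAction Stop) }
            catch {
                # Malformed XML cannot be evaluated automatically; flag it.
                [pscustomobject]@{ File = $file; Element = '(unparseable)'; Enabled = $null; Review = $true }
                return
            }
            foreach ($name in $watch.Keys) {
                foreach ($node in $xml.SelectNodes("/configuration/runtime/$name")) {
                    $value = $node.GetAttribute('enabled')
                    [pscustomobject]@{
                        File    = $file
                        Element = $name
                        Enabled = $value
                        Review  = ($value -eq $watch[$name])   # case-insensitive
                    }
                }
            }
        }
}

# Constructed sample input so the function can be tried offline.
$demo = Join-Path $env:TEMP 'stig-config-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
<configuration>
  <runtime>
    <loadFromRemoteSources enabled="true" />
    <enforceFIPSPolicy enabled="false" />
  </runtime>
</configuration>
'@ | Set-Content -LiteralPath (Join-Path $demo 'Sample.exe.config')

Find-DotNetStigSetting -Path $demo | Format-Table -AutoSize
```

A `Review` value of `True` for `loadFromRemoteSources` is only a candidate: per the check text quoted above, it is a finding when the application is not sandboxed or OS controls such as AppLocker are not in use.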