Paging file not cleared at shutdown

Risk Level: Low

Check or Attack Name: ClearPageFileAtShutdown

Platforms: Windows NT

Description:

The Windows NT paging file is not cleared at shutdown. This file can contain sensitive information, and should be cleared upon shutdown if required by your security policy. Some versions of the Novell NetWare authentication module will store the username and password in cleartext, and this information can be extracted from the pagefile.

Remedy:

Using Registry Editor, set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown value to 1.

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

To clear the Windows NT paging file at shutdown, follow these steps:

  1. Open the Registry Editor. From the Windows NT Start menu, select Run.
  2. Type regedt32 and click OK.
  3. Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management key.
  4. Double-click the ClearPageFileAtShutdown value to display the DWORD Editor.
  5. Change the Data value to 1 and click OK.
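
The same value can be audited and set from a script. The PowerShell below is an added example, not part of the original advisory: it assumes a Windows host where PowerShell is available, and the function name and the -Fix switch are hypothetical names chosen here. The registry path and value name are the ones given in the steps above.

```powershell
# Added example: audit, and optionally set, ClearPageFileAtShutdown.
# Function name and -Fix switch are hypothetical, chosen for this example.
function Test-ClearPageFileAtShutdown {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Fix   # when present, write 1 if the check fails
    )

    $path = 'HKLM:\System\CurrentControlSet\Control\Session Manager\Memory Management'
    $name = 'ClearPageFileAtShutdown'

    # Read the current data; a missing value is reported as $null and
    # treated as non-compliant (assumption made for this example).
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { $item.$name } else { $null }
    $compliant = ($current -eq 1)

    $changed = $false
    if (-not $compliant -and $Fix) {
        # Writing under HKLM requires an elevated session. -WhatIf is honoured.
        if ($PSCmdlet.ShouldProcess("$path\$name", 'Set DWORD data to 1')) {
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value 1 -Force | Out-Null
            # Re-read rather than assume the write succeeded.
            $current = (Get-ItemProperty -Path $path -Name $name).$name
            $compliant = ($current -eq 1)
            $changed = $true
        }
    }

    # One object per host, suitable for export to CSV when run across machines.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $current
        Compliant = $compliant
        Changed   = $changed
    }
}

Test-ClearPageFileAtShutdown            # audit only
# Test-ClearPageFileAtShutdown -Fix     # audit and remediate
```
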

References:

Microsoft Knowledge Base Article Q182086, How to Clear the Windows NT Paging File at Shutdown, http://support.microsoft.com/support/kb/articles/q182/0/86.asp

