The McAfee Application Control Options Inventory interval option must be configured to pull inventory from endpoints on a regular basis not to exceed seven days.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-74243 | MCAC-TE-000115 | SV-88917r1_rule | Medium |
| Description |
|---|
| This is the minimum interval between consecutive inventory pull runs (when the inventory information is fetched from the endpoints). By default, this value is 7 days and is the recommended setting. Pulling at an interval of greater than 7 days will allow for the inventory of endpoints to become stale. |
| STIG | Date |
|---|---|
| McAfee Application Control 7.x Security Technical Implementation Guide | 2017-04-07 |
Details
| Check Text ( C-74279r1_chk ) |
|---|
| From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset to be validated. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 7.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)". On the "Inventory" tab, review options selected. If the "Pull Complete Inventory Interval" option is not configured to pull on a regular basis at a frequency not to exceed "7" days, this is a finding. |
| Fix Text (F-80785r1_fix) |
|---|
| From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset to be validated. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 7.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)". On the "Inventory" tab, populate the "Inventory: Pull Complete Inventory Interval days between consecutive inventory pulls" with a frequency not to exceed "7" days. Click "Save". |