The McAfee Application Control Options Inventory option must be configured to hide OS Files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-74241 | MCAC-TE-000114 | SV-88915r1_rule | Medium |
| Description |
|---|
| By default, the Windows operating system files are excluded from the inventory. By selecting this option, the overwhelming the inventory with legitimate Windows Files in the <system drive>\Windows folder which are signed by the Microsoft certificate and all files in the <system drive>\Windows\winsxs folder will not be included in the inventory. |
| STIG | Date |
|---|---|
| McAfee Application Control 7.x Security Technical Implementation Guide | 2018-01-03 |
Details
| Check Text ( C-74277r1_chk ) |
|---|
| From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset to be validated. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 7.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)". On the "Inventory" tab, review options selected. If the "Hide Windows OS Files: Inventory items signed with Microsoft certificates will not be sent to McAfee ePO." option is not selected, this is a finding. |
| Fix Text (F-80783r2_fix) |
|---|
| From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 7.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)". On the "Inventory" tab, place a check in the "Inventory: Hide Windows OS Files: Inventory items signed with Microsoft certificates will not be sent to McAfee ePO." check box. Click "Save". |