V-42954 | High | The self-protection feature of the McAfee MOVE AV [Multi-Platform] Client, designed to prevent malicious attacks on McAfee MOVE AV Multi-Platform software components, must be enabled. | The self-protection feature defends files, services, and registry keys on virtual machines and will ensure uninterrupted protection. |
V-42936 | High | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to enable malware protection. | Antivirus software should be installed as soon after OS installation as possible and then updated with the latest signatures and antivirus software patches (to eliminate any known vulnerabilities... |
V-42939 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured with the IP address of the secondary Offload Scan Server used by all virtual machines using this policy. | Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing,... |
V-42958 | Medium | If the McAfee MOVE AV [Multi-Platform] Client General policy is configured with process exclusions, those exclusions must be formally documented and approved by the ISSO/ISSM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner... |
V-42956 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured with the listening port of the primary Offload Scan Server used by all virtual machines using this policy. | Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing,... |
V-42957 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured with the listening port of the secondary Offload Scan Server used by all virtual machines using this policy. | Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing,... |
V-42933 | Medium | All other antivirus products must be removed from the virtual machine while the McAfee AV Client is running. | Organizations should deploy antivirus software on all hosts for which satisfactory antivirus software is available. Antivirus software should be installed as soon after OS installation as possible... |
V-42952 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured with the location of SYSTEM_DRIVE\quarantine to ensure consistency across all systems. | The quarantine on each system represents a potential danger should the files contained within the quarantine inadvertently be executed.
To better manage the quarantine on all systems, the... |
V-42935 | Medium | The McAfee MOVE AV [Multi-Platform] Client policies must be configured with, and managed by, the HBSS ePO server. | Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing,... |
V-42937 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured with the IP address of the primary Offload Scan Server used by all virtual machines using this policy. | Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing,... |
V-42955 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to deny access to files if first action fails. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it... |
V-42953 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to automatically delete quarantined data after a time period of no more than 28 days. | The quarantine on each system represents a potential danger should the files contained within the quarantine inadvertently be executed. Deleting the quarantine contents on a regular basis will... |
V-42950 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to delete files automatically as first action. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it... |
V-42951 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to enable the quarantine. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it... |
V-42940 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured with a scan timeout of 180 seconds or more. | This setting configures the amount of time to wait for a scan to complete, in seconds. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan... |
V-42943 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to expire cached scan results after a time period of no more than 24 hours. | Antivirus software should be installed as soon after OS installation as possible and then updated with the latest signatures and antivirus software patches (to eliminate any known vulnerabilities... |
V-42942 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to cache scan results for files smaller than 40MB. | This setting configures the maximum file size (in MB) up to which scan results should be cached. The default setting is 40MB. Files smaller than this threshold are copied completely to the Offload... |
V-42945 | Medium | The McAfee MOVE AV [Multi-Platform] General policy must be configured to scan when reading from disk. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks. |
V-42944 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to scan when writing to disk. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from... |
V-42947 | Medium | If the McAfee MOVE AV [Multi-Platform] Client General policy is configured with path or file exclusions, those exclusions must be formally documented and approved by the ISSO/ISSM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner... |
V-42946 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner... |
V-42949 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to send malware detection events to the HBSS ePO server. | Forensic identification is the practice of identifying infected hosts by looking for evidence of recent infections. The evidence may be very recent (only a few minutes old) or not so recent (hours... |
V-42948 | Medium | The McAfee MOVE AV [Multi-Platform] Client General policy must be configured to report malware detections to the client event log. | Forensic identification is the practice of identifying infected hosts by looking for evidence of recent infections. The evidence may be very recent (only a few minutes old) or not so recent (hours... |