UCF STIG Viewer Logo

The self-protection feature of the McAfee MOVE AV [Multi-Platform] Client, designed to prevent malicious attacks on McAfee MOVE AV Multi-Platform software components, must be enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42954 AV-MOVE-CLT-020 SV-55683r2_rule High
Description
The self-protection feature defends files, services, and registry keys on virtual machines and will ensure uninterrupted protection.
STIG Date
McAfee MOVE 2.6/3.6.1 Multi-Platform Client STIG 2016-04-05

Details

Check Text ( C-49140r2_chk )
Access the system to which McAfee MOVE Client is installed.

Click Start, All Programs, Accessories. Right-click on the "Command Prompt" and choose to "Run-as administrator". This is necessary, even if logged in as an administrator.

On the local client, access a cmd window, running as administrator.
In the command window, navigate to the path to which the McAfee MOVE AV Client is installed (default is "C:\Program Files\McAfee\MOVE AV Client" on 32-bit systems and "C:\Program Files (x86)\McAfee\MOVE AV Client" on 64-bit systems).

Execute the following command:
mvadm config show

The executed command will display settings for the McAfee MOVE AV Client installation.

Verify the "IntegrityEnabled" setting is configured to "7 (0x7)".
NOTE: The setting of "7 (0x7)" for the "IntegrityEnabled" protects all McAfee AV Client services, registry, and files.

If the "IntegrityEnabled" setting is not configured to "7 (0x7)", this is a finding.
Fix Text (F-48533r1_fix)
Access the system to which McAfee MOVE Client is installed.

Click Start, All Programs, Accessories. Right-click on the "Command Prompt" and choose to "Run-as administrator". This is necessary, even if logged in as an administrator.

In the command window, navigate to the path to which the McAfee MOVE AV Client is installed (default is "C:\Program Files\McAfee\MOVE AV Client" on 32-bit systems and "C:\Program Files (x86)\McAfee\MOVE AV Client" on 64-bit systems).

Execute the following command:
mvadm config set IntegrityEnabled=7

Execute the following command:
mvadm config show

The executed command will display settings for the McAfee MOVE AV Client installation.
Verify the "IntegrityEnabled" setting is configured to "7 (0x7)".