Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42954 | AV-MOVE-CLT-020 | SV-55683r2_rule | | High |
Description |
---|
The self-protection feature defends files, services, and registry keys on virtual machines and will ensure uninterrupted protection. |
STIG | Date |
---|---|
McAfee MOVE 2.6/3.6.1 Multi-Platform Client STIG | 2016-04-05 |
Check Text ( C-49140r2_chk ) |
---|
Access the system to which McAfee MOVE Client is installed. Click Start, All Programs, Accessories. Right-click on the "Command Prompt" and choose to "Run-as administrator". This is necessary, even if logged in as an administrator. On the local client, access a cmd window, running as administrator. In the command window, navigate to the path to which the McAfee MOVE AV Client is installed (default is "C:\Program Files\McAfee\MOVE AV Client" on 32-bit systems and "C:\Program Files (x86)\McAfee\MOVE AV Client" on 64-bit systems). Execute the following command: `mvadm config show`. The executed command will display settings for the McAfee MOVE AV Client installation. Verify the "IntegrityEnabled" setting is configured to "7 (0x7)". NOTE: The setting of "7 (0x7)" for the "IntegrityEnabled" protects all McAfee AV Client services, registry, and files. If the "IntegrityEnabled" setting is not configured to "7 (0x7)", this is a finding. |
Fix Text (F-48533r1_fix) |
---|
Access the system to which McAfee MOVE Client is installed. Click Start, All Programs, Accessories. Right-click on the "Command Prompt" and choose to "Run-as administrator". This is necessary, even if logged in as an administrator. In the command window, navigate to the path to which the McAfee MOVE AV Client is installed (default is "C:\Program Files\McAfee\MOVE AV Client" on 32-bit systems and "C:\Program Files (x86)\McAfee\MOVE AV Client" on 64-bit systems). Execute the following command: `mvadm config set IntegrityEnabled=7`. Execute the following command: `mvadm config show`. The executed command will display settings for the McAfee MOVE AV Client installation. Verify the "IntegrityEnabled" setting is configured to "7 (0x7)". |
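
The verification step shared by the check and fix text can be scripted. The PowerShell below is an added example, not part of the STIG or of McAfee's tooling; the function name `Test-MoveIntegrityEnabled`, the exit codes, and the assumed output format (a line containing "IntegrityEnabled" followed by a value such as "7 (0x7)") are assumptions.

```powershell
# Added example for V-42954; not part of the STIG. Save as a .ps1 and run elevated.
# Assumption: "mvadm config show" prints a line containing "IntegrityEnabled"
# followed by its value in the form "7 (0x7)", as quoted in the check text.
function Test-MoveIntegrityEnabled {
    param([string[]]$ConfigOutput, [int]$Required = 7)
    $line = $ConfigOutput | Where-Object { $_ -match 'IntegrityEnabled' } |
        Select-Object -First 1
    if (-not $line) {
        return [pscustomobject]@{ Finding = $true; Value = $null; Reason = 'Setting not found' }
    }
    if ($line -match 'IntegrityEnabled\D*(\d+)\s*\(0x([0-9A-Fa-f]+)\)') {
        $dec = [int]$Matches[1]
        $hex = [Convert]::ToInt32($Matches[2], 16)
        # Decimal and hex renderings must agree and equal the required value.
        $ok = ($dec -eq $hex) -and ($dec -eq $Required)
        $reason = 'Compliant'
        if (-not $ok) { $reason = "Expected $Required (0x$('{0:X}' -f $Required))" }
        return [pscustomobject]@{ Finding = -not $ok; Value = $dec; Reason = $reason }
    }
    # An unreadable value is treated as a finding, never as a pass.
    return [pscustomobject]@{ Finding = $true; Value = $null; Reason = "Unparseable: $line" }
}

# The check text requires an elevated prompt even for administrator accounts.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { Write-Error 'Run from an elevated prompt.'; exit 2 }

# Default install paths given in the check text (32-bit and 64-bit systems).
$candidates = @(
    'C:\Program Files\McAfee\MOVE AV Client',
    'C:\Program Files (x86)\McAfee\MOVE AV Client'
)
$installDir = $candidates | Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $installDir) { Write-Error 'MOVE AV Client not found in default paths.'; exit 2 }

Push-Location -LiteralPath $installDir
try { $output = & .\mvadm config show 2>&1 | ForEach-Object { "$_" } }
finally { Pop-Location }

$result = Test-MoveIntegrityEnabled -ConfigOutput $output
$result | Format-List
if ($result.Finding) { exit 1 }   # 1 = finding, 0 = "7 (0x7)" confirmed
```

A missing or unparseable "IntegrityEnabled" line is reported as a finding, so a change in the tool's output format cannot produce a false pass.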