The McAfee MOVE AV [Multi-Platform] Offload Scan Server must have McAfee VirusScan Enterprise 8.8 (or most current version) installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-42964	AV-MOVE-OSS-001	SV-55693r1_rule		High

Description
Organizations should deploy anti-virus software on all hosts for which satisfactory anti-virus software is available. Anti-virus software should be installed as soon after OS installation as possible and then updated with the latest signatures and anti-virus software patches (to eliminate any known vulnerabilities in the anti-virus software itself). To support the security of the host, the anti-virus software should be configured and maintained properly so it continues to be effective at detecting and stopping malware. Anti-virus software is most effective when its signatures are fully up-to-date. Accordingly, anti-virus software should be kept current with the latest signature and software updates to improve malware detection.

Description

Organizations should deploy anti-virus software on all hosts for which satisfactory anti-virus software is available. Anti-virus software should be installed as soon after OS installation as possible and then updated with the latest signatures and anti-virus software patches (to eliminate any known vulnerabilities in the anti-virus software itself). To support the security of the host, the anti-virus software should be configured and maintained properly so it continues to be effective at detecting and stopping malware. Anti-virus software is most effective when its signatures are fully up-to-date. Accordingly, anti-virus software should be kept current with the latest signature and software updates to improve malware detection.

STIG	Date
McAfee MOVE 2.6 Multi-Platform OSS STIG	2015-10-05

Details

Check Text ( C-49145r1_chk )
Access the server designated as the McAfee MOVE Offload Scan Server. In the taskbar, right-click the red McAfee Agent shield and select "About". Under "McAfee Agent", ensure the "Last agent-to-server communication:" is within the time period designated by the "Agent to Server Communication Interval". Ensure the "McAfee VirusScan Enterprise + AntiSpyware Enterprise" is listed as an installed product. Ensure the version number is 8.8.0 or higher. An alternative method for validating--From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties. Under "System Information" section, ensure the "Last communication" is within the time period designated by the "Agent-to-Server Communication Interval:" under the "McAfee Agent" section. Under "System information" section, ensure "VirusScan Enterprise" is listed as an installed product. Ensure the "Product Version" for VirusScan Enterprise is listed as 8.8.0 or higher. If VirusScan Enterprise 8.8.0 or higher is not installed and/or the Last communication to the ePO server is not within the specified Agent-to-Server Communication interval, this is a finding.

Check Text ( C-49145r1_chk )

Access the server designated as the McAfee MOVE Offload Scan Server. In the taskbar, right-click the red McAfee Agent shield and select "About".

Under "McAfee Agent", ensure the "Last agent-to-server communication:" is within the time period designated by the "Agent to Server Communication Interval".

Ensure the "McAfee VirusScan Enterprise + AntiSpyware Enterprise" is listed as an installed product.

Ensure the version number is 8.8.0 or higher.

An alternative method for validating--From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties.

Under "System Information" section, ensure the "Last communication" is within the time period designated by the "Agent-to-Server Communication Interval:" under the "McAfee Agent" section.

Under "System information" section, ensure "VirusScan Enterprise" is listed as an installed product.

Ensure the "Product Version" for VirusScan Enterprise is listed as 8.8.0 or higher.

If VirusScan Enterprise 8.8.0 or higher is not installed and/or the Last communication to the ePO server is not within the specified Agent-to-Server Communication interval, this is a finding.

Fix Text (F-48543r3_fix)
Access the ePO server. From the System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties. Click on Actions, Agent, Modify Tasks on a Single System. Click on Actions, then click New Task. Name the new task "Deploy McAfee VSE 8.8 to MOVE server". For the "Type:", select "Product Deployment" from the drop-down list and click Next. For the "Products and components:", select "VirusScan Enterprise 8.8.x" and ensure the "Action:" is "Install" and click Next. For the "Schedule status:", select "Enabled". Configure the schedule variable in accordance with local Change Control policy and click Next. On "Summary" tab, click "Save", and then "Close". Back at the "System Details" screen, click on the "Wake Up Agents" button. In the "Wake Up McAfee Agent" screen, for the "Force policy update:" settings, place a check in the "Force complete policy and task update" check box. Click on OK.

Fix Text (F-48543r3_fix)

Access the ePO server. From the System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties. Click on Actions, Agent, Modify Tasks on a Single System.

Click on Actions, then click New Task.

Name the new task "Deploy McAfee VSE 8.8 to MOVE server".

For the "Type:", select "Product Deployment" from the drop-down list and click Next.

For the "Products and components:", select "VirusScan Enterprise 8.8.x" and ensure the "Action:" is "Install" and click Next.

For the "Schedule status:", select "Enabled".

Configure the schedule variable in accordance with local Change Control policy and click Next.

On "Summary" tab, click "Save", and then "Close".

Back at the "System Details" screen, click on the "Wake Up Agents" button.

In the "Wake Up McAfee Agent" screen, for the "Force policy update:" settings, place a check in the "Force complete policy and task update" check box.

Click on OK.