Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42939 | AV-MOVE-CLT-005 | SV-55668r2_rule | | Medium |
Description |
---|
Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing, approving, and delivering antivirus signature and software updates throughout the organization. |
STIG | Date |
---|---|
McAfee MOVE 3.6.1 Multi-Platform Client STIG | 2016-09-29 |
Check Text ( C-49126r2_chk ) |
---|
NOTE: Best practices suggest implementing a secondary McAfee MOVE AV [Multi-Platform] Offload Scan Server. If the organization does not use a secondary McAfee MOVE AV [Multi-Platform] Offload Scan Server, this check is not applicable. NOTE: The Offload Scan Server IP address can be configured in either the General or Offload Scan Server Assignment policy (the values entered in the Offload Scan Server Assignment policy will override the options defined in the General policy). If using the SVA Manager, the SVA Manager IP address, host name, or FQDN and MOVE SVA Manager Port should be entered in the Offload Scan Server Assignment policy. From the ePO server console System Tree, select the Systems tab, find and click on the asset to which the McAfee MOVE AV Client has been deployed. Select Actions, select Agent, and select Modify Policies on a Single System. From the product drop-down list, select MOVE AV [Multi-Platform] Client. Click on either the MOVE AV [Multi-Platform] Client General or Offload Scan Server Assignment policies to open the properties. Under the General tab, locate the "Offload Scan Server 2:" label. In the "IP Address, host name, or FQDN of Offload Scan Server 2. :" box, ensure the IP address of the organization's secondary McAfee MOVE Offload Scan Server is listed. If the "IP Address, host name, or FQDN of Offload Scan Server 2. :" box is not configured with the required value, this is a finding. On the local client, access a cmd window, running as administrator. Navigate to the path to which the McAfee MOVE AV Client has been installed (default is C:\Program Files\McAfee\MOVE AV Client on 32-bit systems or C:\Program Files (x86)\McAfee\MOVE AV Client on 64-bit systems). Execute the command "mvadm config show". If the "ServerAddress2" setting is empty, or does not have the IP address designated for the secondary Offload Scan Server, this is a finding. |
Fix Text (F-48519r2_fix) |
---|
NOTE: The Offload Scan Server IP address can be configured in either the General or Offload Scan Server Assignment policy (the values entered in the Offload Scan Server Assignment policy will override the options defined in the General policy). If using the SVA Manager, the SVA Manager IP address, host name, or FQDN and MOVE SVA Manager Port should be entered in the Offload Scan Server Assignment policy. From the ePO server console System Tree, select the Systems tab, find and click on the asset to which the McAfee MOVE AV Client has been deployed. Select Actions, select Agent, and select Modify Policies on a Single System. From the product drop-down list, select MOVE AV [Multi-Platform] Client. Click on either the MOVE AV [Multi-Platform] Client General or Offload Scan Server Assignment policies to open the properties. Under the General tab, locate the "Offload Scan Server 2:" label. In the "IP Address, host name, or FQDN of Offload Scan Server 2. :" box, input the organization's secondary McAfee MOVE Offload Scan Server's IP address. Click Save. |