UCF STIG Viewer Logo

The McAfee MOVE AV [Multi-Platform] Offload Scan Server must have McAfee VirusScan Enterprise 8.8 (or most current version) installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42964 AV-MOVE-OSS-001 SV-55693r2_rule High
Description
Organizations should deploy anti-virus software on all hosts for which satisfactory anti-virus software is available. Anti-virus software should be installed as soon after OS installation as possible and then updated with the latest signatures and anti-virus software patches (to eliminate any known vulnerabilities in the anti-virus software itself). To support the security of the host, the anti-virus software should be configured and maintained properly so it continues to be effective at detecting and stopping malware. Anti-virus software is most effective when its signatures are fully up-to-date. Accordingly, anti-virus software should be kept current with the latest signature and software updates to improve malware detection.
STIG Date
McAfee MOVE 3.6.1 Multi-Platform OSS STIG 2016-09-30

Details

Check Text ( C-49145r2_chk )
Access the server designated as the McAfee MOVE Offload Scan Server. In the taskbar, right-click the red McAfee Agent shield and select "About".

Under "McAfee Agent", ensure the "Last agent-to-server communication:" is within the time period designated by the "Agent to Server Communication Interval".

Ensure the "McAfee VirusScan Enterprise + AntiSpyware Enterprise" is listed as an installed product.

Ensure the version number is 8.8.0 or higher.

An alternative method for validating--From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties.

Under "System Properties" tab, ensure the "Last communication" is within the time period designated by the "Agent-to-Server Communication Interval:" under the "McAfee Agent" tab.

Under the System Properties tab, next to the Installed Products field, ensure VirusScan Enterprise 8.8.0.x is listed as an installed product.

Ensure the "Product Version" for VirusScan Enterprise is listed as 8.8.0 or higher.

If VirusScan Enterprise 8.8.0 or higher is not installed and/or the Last communication to the ePO server is not within the specified Agent-to-Server Communication interval, this is a finding.
Fix Text (F-48543r5_fix)
Access the ePO server. From the System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties. Click on Actions, Agent, Modify Tasks on a Single System.

Click on Actions, then click New Client Task Assignment.

Under Product, select McAfee Agent. Under Task Type, select Product Deployment. Under Task Name, select Create New Task.

Next to Task Name, enter "Deploy VSE to MOVE OSS"

Next to Target Platforms, ensure only Windows is selected.

In the drop-down box for Products and components, select VirusScan Enterprise 8.8.0.x and ensure the drop-down box for Action is set to Install. Click Save.

Click Next.
For the "Schedule status:", select "Enabled".

Configure the schedule variable in accordance with local Change Control policy and click Next.

On "Summary" tab, click "Save", and then "Close".

Back at the "Systems Information" screen, click on the "Wake Up Agents" button.

In the "Wake Up McAfee Agent" screen, for the "Force policy update:" settings, place a check in the "Force complete policy and task update" check box.

Click on OK.