
The McAfee MOVE AV [Multi-Platform] Offload Scan Server must be managed by the HBSS ePO server.


Overview

Finding ID: V-42965
Version: AV-MOVE-OSS-002
Rule ID: SV-55694r2_rule
IA Controls: (none listed)
Severity: Medium
Description
Organizations should use centrally managed anti-virus software that is controlled and monitored regularly by anti-virus administrators, who are also typically responsible for acquiring, testing, approving, and delivering anti-virus signature and software updates throughout the organization. Users should not be able to disable or delete anti-virus software from their hosts, nor should they be able to alter critical settings. Anti-virus administrators should perform continuous monitoring to confirm that hosts are using current anti-virus software and that the software is configured properly. Implementing all of these recommendations should help an organization maintain a strong and consistent anti-virus deployment.
STIG: McAfee MOVE 3.6.1 Multi-Platform OSS STIG
Date: 2016-09-30

Details

Check Text (C-49146r2_chk)
Access the server designated as the McAfee MOVE Offload Scan Server. In the taskbar, right-click the red McAfee Agent shield and select "McAfee Agent Status Monitor".

Click the "Collect and Send Props" button. This will perform the ASCI (agent-to-server communication interval), send the PROPS VERSION package to ePO, and close the session.

Click the "Enforce Policies" button. In the McAfee Agent Monitor, review the Management status lines and ensure one shows a status of "Enforcing Policies for MOVEOSS_2xxx" (where 2xxx represents the version level). This status line will confirm the system is enforcing policies for the McAfee MOVE AV Offload Scan Server.

If the system does not show "Agent started performing ASCI", followed by a sequence of status lines showing "Agent is sending PROPS VERSION package to ePO server" and "Agent communication session closed", or does not show a Management status line of "Enforcing Policies for MOVEOSS_2xxx", this is a finding.
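
The pass/fail logic of this check, as an added example that is not part of the STIG or of any McAfee tooling: it evaluates status lines copied out of the McAfee Agent Monitor against the messages quoted above. The timestamp and column layout of the sample lines, the placeholder product name, and the reading of "2xxx" as a 2 followed by three digits are assumptions.

```python
import re

# Status lines quoted in the check text, in the order they must appear.
ASCI_SEQUENCE = [
    "Agent started performing ASCI",
    "Agent is sending PROPS VERSION package to ePO server",
    "Agent communication session closed",
]
# "2xxx" in the check text stands for the version level; assumed here to be
# a 2 followed by three digits.
ENFORCING = re.compile(r"Enforcing Policies for MOVEOSS_2\d{3}\b")


def evaluate(lines):
    """Return (is_finding, reasons) for lines copied from the Agent Monitor."""
    reasons = []
    pos = 0
    for expected in ASCI_SEQUENCE:
        # Each message must appear after the previous one was matched.
        idx = next((i for i in range(pos, len(lines)) if expected in lines[i]), None)
        if idx is None:
            reasons.append(f'missing or out of order: "{expected}"')
            break
        pos = idx + 1
    if not any(ENFORCING.search(line) for line in lines):
        reasons.append('no "Enforcing Policies for MOVEOSS_2xxx" status line')
    return bool(reasons), reasons


# Constructed sample input (not real agent output): a managed OSS.
SAMPLE_MANAGED = [
    "2016-09-30 10:00:01  Agent       Agent started performing ASCI",
    "2016-09-30 10:00:02  Agent       Agent is sending PROPS VERSION package to ePO server",
    "2016-09-30 10:00:05  Agent       Agent communication session closed",
    "2016-09-30 10:00:09  Management  Enforcing Policies for MOVEOSS_2000",
]
# Constructed sample: the agent talks to ePO but no MOVE OSS policy is enforced.
SAMPLE_NO_OSS_POLICY = SAMPLE_MANAGED[:3] + [
    "2016-09-30 10:00:09  Management  Enforcing Policies for PLACEHOLDER_PRODUCT_1000",
]

if __name__ == "__main__":
    for name, sample in (("managed", SAMPLE_MANAGED), ("no OSS policy", SAMPLE_NO_OSS_POLICY)):
        finding, why = evaluate(sample)
        print(name, "-> FINDING" if finding else "-> not a finding", why)
```
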
Fix Text (F-48546r3_fix)
Access the ePO server. From the System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties.

If the asset representing the McAfee MOVE Offload Scan Server is not in the ePO server system tree, configure a task to deploy the McAfee Agent to the system designated as the McAfee MOVE Offload Scan Server.

Once the system is communicating with the ePO server and is in the ePO server system tree, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties.

Click on Actions, Agent, Modify Tasks on a Single System.

Click on Actions and select New Client Task Assignment.

Under Product, select McAfee Agent. Under Task Type, select Product Deployment. Under Task Name, select Create New Task.

Next to Task Name, enter "Deploy MOVE to the OSS".

Next to Target Platforms, ensure only Windows is selected.

In the drop-down box for Products and components, select MOVE AV [Multi-Platform] Offload Scan server 3.6.x and ensure the drop-down box for Action is set to Install. Click Save.

Click Next.

For the "Schedule status:", select "Enabled".

Configure the schedule variable in accordance with local Change Control policy and click Next.

On the "Summary" tab, click "Save", then "Close".

Back at the "System Information" screen, click on the "Wake Up Agents" button.

In the "Wake Up McAfee Agent" screen, for the "Force policy update:" settings, place a check in the "Force complete policy and task update" check box.

Click on OK.