Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42974 | AV-MOVE-OSS-008 | SV-55703r2_rule | | Medium |
Description |
---|
Due to the ability of malware to mutate after infection, standard anti-virus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will share unique characteristics with others in their virus family. By using a generic signature to detect the shared characteristics, using wildcards where differences lie, the generic signature can detect viruses even if they are padded with extra, meaningless code. This method of detection is Heuristic detection. |
STIG | Date |
---|---|
McAfee MOVE 3.6.1 Multi-Platform OSS STIG | 2016-09-30 |
Check Text (C-49151r2_chk) |
---|
From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties, select Actions, select Agent, and select Modify Policies on a Single System. From the product drop-down list, select MOVE AV [Multi-Platform] Offload Scan Server 3.6.1. Click on the MOVE AV [Multi-Platform] Offload Scan Server policy to open the properties. On the Scan Settings tab, ensure the "Scan for Unwanted Programs:" "Enable scanning for potentially unwanted programs" check box is selected. If the "Enable scanning for potentially unwanted programs" check box is not selected, this is a finding. On the system designated as the McAfee MOVE Offload Scan Server, access a cmd window, running as administrator. Navigate to the path to which the McAfee MOVE AV Server software has been installed (default is C:\Program Files (x86)\McAfee\MOVE AV Server). Execute the following command: "mvadm config show". From the displayed configuration, ensure the "ScanPUPS" value is set to 1. If the "ScanPUPS" value is set to 0, this is a finding. |
Fix Text (F-48554r2_fix) |
---|
From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties, select Actions, select Agent, and select Modify Policies on a Single System. From the product drop-down list, select MOVE AV [Multi-Platform] Offload Scan Server 3.6.1. Click on the MOVE AV [Multi-Platform] Offload Scan Server policy to open the properties. On the Scan Settings tab, place a check in the "Scan for Unwanted Programs: Enable scanning for potentially unwanted programs." check box. Click Save. |