V-44931 | High | The McAfee MOVE AV Agentless Scan policy must be configured to enable On-Access scanning. | Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software should be configured to perform real-time scans of each file as it is downloaded,... |
V-49679 | High | The McAfee MOVE AV Agentless SVAadmin account password must be changed from the default. | The pre-configured Security Virtual Appliance (SVA) comes with a default password for the SVAadmin account. This account has root privileges to the Linux O/S of the appliance. By not changing the... |
V-43788 | High | The Virtual Machine must have VMware vShield Endpoint thin client installed and shown as protected in the vShield Manager. | The vShield Manager is the centralized network management component of vShield, and is installed as a virtual appliance on an ESX host in a vCenter Server environment. The vShield Manager user... |
V-44993 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to scan inside archives. | Malware is often packaged within an archive. In addition, archives might have other archives within. Not scanning archive files introduces the risk of infected files being introduced into the environment. |
V-48855 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to find unknown macro threats. | Due to the ability of malware to mutate after infection, standard antivirus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will... |
V-48857 | Medium | The McAfee MOVE AV Agentless Scan policy for Heuristics must be configured to find unknown unwanted programs and Trojans. | Due to the ability of malware to mutate after infection, standard antivirus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will... |
V-48853 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to decode MIME encoded files. | Multipurpose Internet Mail Extensions (MIME) encoded files can be crafted to hide a malicious payload. When the MIME encoded file is presented to software that decodes the MIME encoded files, such... |
V-43960 | Medium | The McAfee MOVE AV Agentless SVA Scan Settings policy must be configured with the SVA cache enabled. | Enabling cache in the McAfee MOVE AV Agentless SVA will enable a more effective performance when scanning virtual machines. |
V-43961 | Medium | The McAfee MOVE AV Agentless SVA Scan Settings policy must be configured to cache scan results for files up to a file size of 1 MB. | While enabling cache in the McAfee MOVE AV Agentless SVA will enable a more effective performance when scanning virtual machines, the file size of cached items needs to be restricted in order to... |
V-43962 | Medium | The McAfee MOVE AV Agentless SVA Scan Settings policy for On-Demand Client Scan time interval must be set to no more than every 7 days. | Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives regularly to identify any... |
V-44935 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to enable On-Demand scanning. | Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives and folders regularly to... |
V-48859 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to use McAfee Global Threat Intelligence file reputation set to a sensitivity level of Medium or higher. | Antivirus software vendors use collective intelligence from sensors and cross-vector intelligence from web, email, and network threats to compile scores that reflect the likelihood of whether a... |
V-48873 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to enable the quarantine. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because... |
V-48871 | Medium | When a threat is found by the McAfee MOVE AV Agentless On-Demand Scan, the Scan policy must be configured to notify only if first action fails. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it... |
V-44969 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to scan files when opened. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks. |
V-48867 | Medium | When a threat is found by the McAfee MOVE AV Agentless On-Access Scan, the Scan policy must be configured to deny access to files if first action fails. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it... |
V-43957 | Medium | The McAfee MOVE AV Agentless SVA policy must be configured with, and managed by, the HBSS ePO server. | Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing,... |
V-43959 | Medium | The McAfee MOVE AV Agentless SVA Authentication policy must be configured to authenticate to the Hypervisor/vCenter server with user name and password. | Requiring the McAfee MOVE AV Agentless SVA to authenticate to the hypervisor with a username and password, coupled with HTTPS, ensures authentication is over a secure path from a valid source. |
V-43958 | Medium | The McAfee MOVE AV Agentless SVA Authentication policy must be configured to communicate with the Hypervisor/vCenter server via HTTPS protocol. | Requiring the McAfee MOVE AV Agentless SVA to authenticate to the hypervisor over HTTPS ensures the authentication is over a secure path. |
V-48869 | Medium | When a threat is found by the McAfee MOVE AV Agentless On-Demand Scan, the Scan policy must be configured to delete files automatically as first action. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because... |
V-44973 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner... |
V-44933 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to enforce a maximum On-Access Scan timeout of no less than 45 seconds. | This setting configures the amount of time to wait for a scan to complete, in seconds. The default setting is 45 seconds. Typically, file scans are very fast. However, file scans may take longer... |
V-48863 | Medium | For any path or file exclusions configured in the McAfee MOVE AV Agentless Scan policy, those exclusions must be formally documented by the System Administrator and approved by the IAO/IAM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner... |
V-48865 | Medium | When a threat is found by the McAfee MOVE AV Agentless On-Access Scan, the Scan policy must be configured to delete files automatically as first action. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because... |
V-44979 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to scan files when closed. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from... |
V-48861 | Medium | The McAfee MOVE AV Agentless Scan policy must be configured to detect unwanted programs. | Due to the ability of malware to mutate after infection, standard antivirus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will... |