V-78463 | High | The McAfee MOVE AV On Access Scan policy must be configured to enable protection. | Anti-virus software should be installed as soon after operating system installation as possible and then updated with the latest signatures and anti-virus software patches (to eliminate any known... |
V-78461 | High | The admin password for the McAfee MOVE AV Agentless Security Virtual Machine (SVM) must be changed from the default. | The preconfigured Security Virtual Appliance (SVA) comes with a default password for the "SVAadmin" account. This account has root privileges to the Linux operating system of the appliance. By not... |
V-78469 | Medium | The McAfee MOVE AV On Access Scan policy must be configured to scan files when reading from disk. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from... |
V-78501 | Medium | The McAfee MOVE AV SVM Settings policy must be configured to scan for Multipurpose Internet Mail Extensions (MIME)-encoded files. | MIME-encoded files can be crafted to hide a malicious payload. When the MIME-encoded file is presented to software that decodes the MIME encoded files, such as an email client, the malware is... |
V-78503 | Medium | The McAfee MOVE AV SVM Settings policy must be configured to use McAfee Global Threat Intelligence File Reputation with a sensitivity level of medium or higher. | Anti-virus software vendors use collective intelligence from sensors and cross-vector intelligence from web, email, and network threats to compile scores that reflect the likelihood of whether a... |
V-78467 | Medium | The McAfee MOVE AV On Access Scan policy must be configured to scan files when writing to disk. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from... |
V-78505 | Medium | The McAfee MOVE AV SVM settings policy must be configured to communicate with the hypervisor/vCenter server via HTTPS protocol. | Requiring the McAfee MOVE AV Agentless SVA to authenticate to the hypervisor over HTTPS ensures the authentication is over a secure path. |
V-78465 | Medium | The McAfee MOVE AV On Access Scan policy must be configured to enforce a maximum On-Access Scan timeout of no less than 45 seconds. | This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan... |
V-78507 | Medium | The McAfee MOVE AV SVM settings policy must be configured to authenticate to the hypervisor/vCenter server with user name and password. | Requiring the McAfee MOVE AV Agentless SVA to authenticate to the hypervisor with a username and password, coupled with HTTPS, ensures authentication is over a secure path from a valid source. |
V-78497 | Medium | The McAfee MOVE AV SVM must be managed by the HBSS ePO server. | Organizations should use centrally managed anti-virus software that is controlled and monitored regularly by anti-virus administrators, who are also typically responsible for acquiring, testing,... |
V-78495 | Medium | The McAfee MOVE AV SVM Settings policy ODS scheduler must be set to no more than every seven days. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Anti-virus software on hosts should be configured to scan all hard drives and folders regularly to... |
V-78493 | Medium | The McAfee MOVE AV Options policy must specify the username and password for the quarantine network share. | The quarantine on each system represents a potential danger should the files contained within the quarantine be executed inadvertently. To centrally manage the quarantine on all systems, the... |
V-78491 | Medium | The McAfee MOVE AV Options policy must specify the location of the quarantine network share. | The quarantine on each system represents a potential danger should the files contained within the quarantine be executed inadvertently. To centrally manage the quarantine on all systems, the... |
V-78499 | Medium | The McAfee MOVE AV SVM Settings policy must be configured to scan for potentially unwanted programs. | Due to the ability of malware to mutate after infection, standard anti-virus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will... |
V-78479 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to enforce a maximum time for each file scan of no less than 45 seconds. | This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan... |
V-78471 | Medium | The McAfee MOVE AV On Access Scan policy must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78473 | Medium | Path or file exclusions configured in the McAfee MOVE AV On Access Scan policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78475 | Medium | The McAfee MOVE AV On Access Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because... |
V-78477 | Medium | The McAfee MOVE AV policy must be configured to enable On-Demand scanning. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Anti-virus software on hosts should be configured to scan all hard drives and folders regularly to... |
V-78489 | Medium | The McAfee MOVE AV On-Demand Scan interval must be set to no more than every seven days. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Anti-virus software on hosts should be configured to scan all hard drives and folders regularly to... |
V-78481 | Medium | The McAfee MOVE AntiVirus On Demand Scan policy must be configured to stop an on-demand scan after 150 minutes. | This setting configures the maximum time (in minutes) for on-demand scanning. The default setting is 150 minutes. Typically, file scans are very fast. However, file scans may take longer due to... |
V-78483 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because... |
V-78485 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78487 | Medium | Path Exclusions configured in the McAfee MOVE AV On Demand Scan policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |