The McAfee MOVE AV On Access Scan policy must be configured to enable protection.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78463 | MV45-OAS-200001 | SV-93169r1_rule | High |
| Description |
|---|
| Anti-virus software should be installed as soon after operating system installation as possible and then updated with the latest signatures and anti-virus software patches (to eliminate any known vulnerabilities in the anti-virus software itself). The anti-virus software should then perform a complete scan of the host to identify any potential infections. To support the security of the host, the anti-virus software should be configured and maintained properly so it continues to be effective at detecting and stopping malware. Anti-virus software is most effective when its signatures are fully up to date. Accordingly, anti-virus software should be kept current with the latest signature and software updates to improve malware detection. |
| STIG | Date |
|---|---|
| McAfee MOVE AV Agentless 4.5 Security Technical Implementation Guide | 2017-12-01 |
Details
| Check Text ( C-78025r1_chk ) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "On-access scan", verify the "Enable on-access scan" check box is selected. If the "Enable on-access scan" check box is not selected, this is a finding. |
| Fix Text (F-85197r1_fix) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "On-access scan", select the "Enable on-access scan" check box. Click "Save". |