The McAfee MOVE AV On Access Scan policy must be configured to enforce a maximum On-Access Scan timeout of no less than 45 seconds.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78465 | MV45-OAS-200002 | SV-93171r1_rule | Medium |
| Description |
|---|
| This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan response of a file from the Security Virtual Machine (SVM). Typically, file scans are very fast. However, file scans may take longer due to large file size, file type, or heavy load on the SVM. If the file scan takes longer than the scan timeout limit, the file access is allowed and a scan timeout event is generated. Setting the timeout too low may result in scans of a file terminating before the scan is completed, resulting in malware potentially going undetected. |
| STIG | Date |
|---|---|
| McAfee MOVE AV Agentless 4.5 Security Technical Implementation Guide | 2017-12-01 |
Details
| Check Text ( C-78027r1_chk ) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Click "Show Advanced". Under "On-access Scan", verify the "Specify maximum time for each file scan" is configured for "45" seconds or more. If "Specify maximum time for each file scan" is not configured for "45" seconds or more, this is a finding. |
| Fix Text (F-85199r1_fix) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Click "Show Advanced". Under "On-access Scan", set the "Specify maximum time for each file scan" for "45" seconds or more. Click "Save". |