UCF STIG Viewer Logo

The McAfee MOVE AV On Access Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78475 MV45-OAS-200008 SV-93181r1_rule Medium
Description
Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because the malware is removed and the original file restored; however, many infected files cannot be disinfected. The primary goal of eradication is to remove malware from infected hosts.
STIG Date
McAfee MOVE AV Agentless 4.5 Security Technical Implementation Guide 2017-12-01

Details

Check Text ( C-78037r1_chk )
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Click "Actions".

Under "Threat detection first response", verify "Delete files automatically and quarantine" is selected.

If "Threat detection first response" is not set to "Delete files automatically and quarantine", this is a finding.
Fix Text (F-85209r1_fix)
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Click "Actions".

Under "Threat detection first response", select "Delete files automatically and quarantine" from the drop-down list.

Click "Save".