The McAfee MOVE AV Options policy must specify the username and password for the quarantine network share.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78493 | MV45-OPT-200002 | SV-93199r1_rule | Medium |
| Description |
|---|
| The quarantine on each system represents a potential danger should the files contained within the quarantine be executed inadvertently. To centrally manage the quarantine on all systems, the quarantine should always be configured the same across all systems, which will allow management to better control access to those locations. |
| STIG | Date |
|---|---|
| McAfee MOVE AV Agentless 4.5 Security Technical Implementation Guide | 2017-12-01 |
Details
| Check Text ( C-78055r1_chk ) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager" (Agentless only), verify the "Network domain and username", "Network password", and "Confirm password" fields are populated. The "Network password" and "Confirm password" will be masked if populated. If the "Network domain and username", "Network password", and "Confirm password" fields are not populated, this is a finding. |
| Fix Text (F-85227r2_fix) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager" (Agentless only), configure the quarantine with “Network domain and username" and "Network password" for accessing the quarantine network share. Click "Save". |