| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78513 | MV45-COP-000003 | SV-93219r1_rule | | Medium |
| Description |
|---|
| Forensic identification is the practice of identifying infected hosts by looking for evidence of recent infections. The evidence may be very recent (only a few minutes old) or less recent (hours or days old); the older the information is, the less accurate it is likely to be. The most obvious sources of evidence are those designed to identify malware activity, such as anti-virus software, content filtering (e.g., anti-spam measures), IPS, and SIEM technologies. The logs of security applications might contain detailed records of suspicious activity and might also indicate whether a security compromise occurred or was prevented. While logging is imperative to forensic analysis, logs can grow to the point of consuming the system's disk space. To avoid the risk of logs growing large enough to impact the operating system, the log size and number of log files will be restricted, but they must remain large enough to retain forensic value. |
| STIG | Date |
|---|---|
| McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide | 2017-12-01 |
| Check Text (C-78075r1_chk) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus Common 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Click "Show Advanced". Under "Logging", verify the "Rotate log file content when the file size reaches" field is set to "10" MB or greater. If the "Rotate log file content when the file size reaches" field is not set to "10" MB or greater, this is a finding. |
| Fix Text (F-85247r1_fix) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus Common 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Click "Show Advanced". Under "Logging", set the "Rotate log file content when the file size reaches" value to "10" MB or greater. Click "Save". |