Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-78527 | MV45-OAS-000002 | SV-93233r1_rule | Medium |
Description |
---|
This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan response of a file from the Security Virtual Machine (SVM). Typically, file scans are very fast. However, file scans may take longer due to large file size, file type, or heavy load on the SVM. If the file scan takes longer than the scan timeout limit, the file access is allowed and a scan timeout event is generated. Setting the timeout too low may result in scans of a file terminating before the scan is completed, resulting in malware potentially going undetected. |
STIG | Date |
---|---|
McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide | 2017-12-01 |
Check Text ( C-78095r1_chk ) |
---|
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Scan", verify "Specify maximum time for each file scan" is set to "45" seconds or more. If "Specify maximum time for each file scan" is not set to "45" seconds or more, this is a finding. |
Fix Text (F-85261r1_fix) |
---|
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select the On Access Scan policy to be configured. Under "Scan", set "Specify maximum time for each file scan" to "45" seconds or more. Click "Save". |