The McAfee MOVE AV On Access Scan Policy must be configured to scan when writing to disk.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78531 | MV45-OAS-000004 | SV-93237r1_rule | Medium |
| Description |
|---|
| Anti-virus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from malware attacks. |
| STIG | Date |
|---|---|
| McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide | 2017-12-01 |
Details
| Check Text ( C-78101r1_chk ) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Scan", verify the "When writing to disk" check box is selected. If the "When writing to disk" check box is not selected, this is a finding. |
| Fix Text (F-85267r1_fix) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Select the On Access Scan policy to be configured. Under "Scan", select the "When writing to disk" check box. Click "Save". |