The McAfee MOVE AV On Access Scan Policy must be configured to scan when reading from disk.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78533 | MV45-OAS-000005 | SV-93239r1_rule | Medium |
| Description |
|---|
| Anti-virus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks. |
| STIG | Date |
|---|---|
| McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide | 2017-12-01 |
Details
| Check Text ( C-78103r1_chk ) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Scan", verify the "When reading from disk" check box is selected. If the "When reading from disk" check box is not selected, this is a finding. |
| Fix Text (F-85269r1_fix) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Select the On Access Scan policy to be configured. Under "Scan", select the "When reading from disk" check box. Click "Save". |