UCF STIG Viewer Logo

The McAfee MOVE AV On Demand Scan policy must be configured to cache scan results for files smaller than 40 MB.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78549 MV45-ODS-000004 SV-93255r1_rule Medium
Description
This setting configures the maximum file size (in MB) up to which scan results should be cached. The default setting is 40 MB. Files smaller than this threshold are copied completely to the Security Virtual Machine (SVM) and scanned. If the file is found to be clean, its scan result is cached based on its SHA 1 checksum for faster future access. Files larger than this size threshold are transferred in chunks that are requested by the SVM and scanned. Setting that threshold higher could impact the performance of the scan processes.
STIG Date
McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide 2017-12-01

Details

Check Text ( C-78119r1_chk )
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Demand Scan".

Select each configured On Demand Scan policy.

Click "Show Advanced".

Under "On-demand Scan", verify "Cache scan results for files smaller than" is configured for 40 MB or smaller.

If "Cache scan results for files smaller than" is not configured for 40 MB or smaller, this is a finding.
Fix Text (F-85285r1_fix)
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Demand Scan".

Select each configured On Demand Scan policy.

Click "Show Advanced".

Under "On-demand Scan", configure "Cache scan results for files smaller than" for 40 MB or smaller.

Click "Save".