V-78515 | High | The McAfee MOVE AV Common Options policy must be configured to enable self-protection. | The self-protection feature defends files, services, and registry keys on virtual machines and will ensure uninterrupted protection. Self-protection on the McAfee MOVE SVM is provided by the... |
V-78523 | High | The McAfee VirusScan Enterprise Access Protection rules must be used for self-protection of the files and folder of the McAfee Security Virtual Manager (SVM). | The VirusScan Enterprise Access Protection rules will defend files, services, and registry keys on the McAfee Security Virtual Manager (SVM). |
V-78521 | High | The admin password for the McAfee MOVE AV Security Virtual Machine (SVM) must be changed from the default. | The preconfigured Security Virtual Appliance (SVA) comes with a default password for the "SVAadmin" account. This account has root privileges to the Linux operating system of the appliance. By not... |
V-78525 | High | The McAfee MOVE AV On Access Scan Policy must be configured to enable protection. | Anti-virus software should be installed as soon after operating system installation as possible and then updated with the latest signatures and anti-virus software patches (to eliminate any known... |
V-78509 | Medium | The McAfee MOVE AV Common Options policy must be configured to report all events to the Windows Event Log. | Forensic identification is the practice of identifying infected hosts by looking for evidence of recent infections. The evidence may be very recent (only a few minutes old) or not so recent (hours... |
V-78547 | Medium | The McAfee MOVE AV On Demand Scan policy must be explicitly configured to stop an on-demand scan after an organization-specific period. | This setting configures the maximum time, in minutes, for on-demand scanning. The default setting is 150 minutes. Typically, file scans are very fast. However, file scans may take longer due to... |
V-78541 | Medium | The McAfee MOVE AV On Access Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because... |
V-78543 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to enable on-demand scan. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Anti-virus software on hosts should be configured to scan all hard drives and folders regularly to... |
V-78557 | Medium | The McAfee MOVE AV On-Demand Scan interval must be set to no more than every seven days. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Anti-virus software on hosts should be configured to scan all hard drives and folders regularly to... |
V-78567 | Medium | The McAfee MOVE AV SVM must be managed by the HBSS ePO server. | Organizations should use centrally managed anti-virus software that is controlled and monitored regularly by anti-virus administrators, who are also typically responsible for acquiring, testing,... |
V-78565 | Medium | The McAfee MOVE AV SVM must have McAfee VirusScan Enterprise installed. | Organizations should deploy anti-virus software on all hosts for which satisfactory anti-virus software is available. Anti-virus software should be installed as soon after OS installation as... |
V-78519 | Medium | The McAfee MOVE AV policies must be configured with and managed by the HBSS ePO server. | Organizations should use centrally managed anti-virus software that is controlled and monitored regularly by anti-virus administrators, who are also typically responsible for acquiring, testing,... |
V-78561 | Medium | The McAfee MOVE AV Options Policy must be configured to automatically delete quarantined data after a time period of no more than 28 days. | The quarantine on each system represents a potential danger should the files contained within the quarantine be executed inadvertently. Deleting the quarantine contents on a regular basis will... |
V-78553 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78569 | Medium | The McAfee MOVE AV SVM must be configured with a static Internet Protocol (IP) address. | Security management devices must be configured to ensure consistent and uninterrupted connectivity to/from the systems they manage/control. Otherwise, the security management device will be less... |
V-78535 | Medium | The McAfee MOVE AV On Access Scan Policy must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78537 | Medium | Path or file exclusions configured in McAfee MOVE AV On Access Scan Policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78531 | Medium | The McAfee MOVE AV On Access Scan Policy must be configured to scan when writing to disk. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from... |
V-78533 | Medium | The McAfee MOVE AV On Access Scan Policy must be configured to scan when reading from disk. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from... |
V-78545 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to enforce a maximum time for each file scan of no less than 45 seconds. | This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan... |
V-78539 | Medium | Process exclusions configured in McAfee MOVE AV On Access Scan Policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78571 | Medium | The McAfee MOVE AV SVM Settings policy must be configured to scan for potentially unwanted programs. | Due to the ability of malware to mutate after infection, standard anti-virus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will... |
V-78555 | Medium | Path Exclusions configured in the McAfee MOVE AV On Demand Scan policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner... |
V-78575 | Medium | The McAfee MOVE AV SVM Settings policy must be configured to use McAfee Global Threat Intelligence file reputation with a sensitivity level of medium or higher. | Anti-virus software vendors use collective intelligence from sensors and cross-vector intelligence from web, email, and network threats to compile scores that reflect the likelihood of whether a... |
V-78551 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection. | Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because... |
V-78513 | Medium | The McAfee MOVE AV Common Options policy must be configured to not rotate log files until they reach at least 10 MB in size. | Forensic identification is the practice of identifying infected hosts by looking for evidence of recent infections. The evidence may be very recent (only a few minutes old) or not so recent (hours... |
V-78511 | Medium | The McAfee MOVE AV Common Options policy must be configured to send all events to the HBSS ePO server. | Forensic identification is the practice of identifying infected hosts by looking for evidence of recent infections. The evidence may be very recent (only a few minutes old) or not so recent (hours... |
V-78517 | Medium | All other anti-virus products must be removed from the virtual machine while the McAfee AV Client is running. | Organizations should deploy anti-virus software on all hosts for which satisfactory anti-virus software is available. Anti-virus software should be installed as soon after operating system... |
V-78549 | Medium | The McAfee MOVE AV On Demand Scan policy must be configured to cache scan results for files smaller than 40 MB. | This setting configures the maximum file size (in MB) up to which scan results should be cached. The default setting is 40 MB. Files smaller than this threshold are copied completely to the... |
V-78559 | Medium | The McAfee MOVE AV Options Policy must be configured with the location of quarantine to ensure consistency across all systems. | The quarantine on each system represents a potential danger should the files contained within the quarantine be executed inadvertently. To centrally manage the quarantine on all systems, the... |
V-78573 | Medium | The McAfee MOVE AV SVM Settings policy must be configured to scan for Multipurpose Internet Mail Extensions (MIME)-encoded files. | Multipurpose Internet Mail Extensions (MIME) encoded files can be crafted to hide a malicious payload. When the MIME encoded file is presented to software that decodes the MIME encoded files, such... |
V-78527 | Medium | The McAfee MOVE AV On Access Scan Policy must be configured with a scan timeout of 45 seconds or more. | This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan... |
V-78563 | Medium | The McAfee MOVE AV SVM Settings policy ODS scan interval must be set to no more than every seven days. | Anti-virus software is the most commonly used technical control for malware threat mitigation. Anti-virus software on hosts should be configured to scan all hard drives and folders regularly to... |
V-78529 | Medium | The McAfee MOVE AV On Access Scan Policy must be configured to cache scan results for files smaller than 40 MB. | This setting configures the maximum file size (in MB) up to which scan results should be cached. The default setting is 40 MB. Files smaller than this threshold are copied completely to the... |