UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The McAfee MOVE AV On Access Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78541 MV45-OAS-000009 SV-93247r1_rule Medium
Description
Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Disinfecting a file is generally preferable to quarantining it because the malware is removed and the original file restored; however, many infected files cannot be disinfected. The primary goal of eradication is to remove malware from infected hosts.
STIG Date
McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide 2018-07-09

Details

Check Text ( C-78111r1_chk )
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Click "Actions".

Under "Threat detection first response", verify "Delete files automatically and quarantine" is selected.

If "Threat detection first response" is not set to "Delete files automatically and quarantine", this is a finding.
Fix Text (F-85277r1_fix)
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured "On Access Scan" policy.

Click "Actions".

Under "Threat detection first response", select "Delete files automatically and quarantine" from the drop-down list.

Click "Save".