UCF STIG Viewer Logo

The McAfee MOVE AV On Demand Scan policy must be configured to enforce a maximum time for each file scan of no less than 45 seconds.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78545 MV45-ODS-000002 SV-93251r1_rule Medium
Description
This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan response of a file from the Security Virtual Machine (SVM). Typically, file scans are very fast. However, file scans may take longer due to large file size, file type, or heavy load on the SVM. If the file scan takes longer than the scan timeout limit, the file access is allowed and a scan timeout event is generated. Setting the timeout too low may result in scans of a file terminating before the scan is completed, resulting in malware potentially going undetected.
STIG Date
McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide 2018-07-09

Details

Check Text ( C-78115r1_chk )
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Demand Scan".

Select each configured On Demand Scan policy.

Click "Show Advanced".

Under "On-demand Scan", verify the "Specify maximum time for each file scan" is configured for "45" seconds or more.

If "Specify maximum time for each file scan" is not configured for "45" seconds or more, this is a finding.
Fix Text (F-85281r1_fix)
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Demand Scan".

Select each configured On Demand Scan policy.

Click "Show Advanced".

Under "On-demand Scan", configure the "Specify maximum time for each file scan" for "45" seconds or more.

Click "Save".