UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

McAfee VirusScan On-Access Scanner All Processes settings must be configured to not exclude any script URLs from being scanned unless the URL exclusions have been documented with, and approved by the IAO/IAM.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42572 DTAM160 SV-55300r1_rule Medium
Description
Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. All scripts should be scanned and none should be excluded from scanning.
STIG Date
McAfee VirusScan 8.8 Local Client STIG 2014-04-03

Details

Check Text ( C-49371r1_chk )
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the ScriptScan tab, locate the "ScriptScan URL exclusions:" label. Ensure there are no URL exclusions listed in the URL field.

Criteria: If there are no exclusions listed in the URL field, this is a not finding.
If there are exclusions listed in the URL field, and the exclusions have been documented with, and approved by, the IAO/IAM, this is not a finding.
If there are exclusions listed in the URL field, and the exclusions have not been documented with, and approved by, the IAO/IAM, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\Script Scanner

Criteria: If the ExcludedURLs REG_MULTI_SZ has any entries, and the excluded URLs have not been documented with, and approved by, the IAO/IAM, this is a finding.
Fix Text (F-48154r2_fix)
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the ScriptScan tab, locate the "ScriptScan exclusions" label. Ensure there are no exclusions listed in the URL field.