Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-14618 | DTAM090 | SV-56400r1_rule | ECVP-1 | Medium |
Description |
---|
Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and script that can be used to probe and attack hosts. (NIST SP 800-83) The scanning of scripts is crucial in preventing these attacks. |
STIG | Date |
---|---|
McAfee VirusScan 8.8 Local Client STIG | 2015-03-30 |
Check Text ( C-49328r1_chk ) |
---|
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select the General Settings. Under the ScriptScan tab, locate the "ScriptScan:" label. Ensure the "Enable scanning of scripts" option is selected. Criteria: If the "Enable scanning of scripts" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\Script Scanner Criteria: If the value of ScriptScanEnabled is 1, this is not a finding. If the value is 0, this is a finding. |
Fix Text (F-49132r1_fix) |
---|
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select the General Settings. Under the ScriptScan tab, locate the "ScriptScan:" label. Select the "Enable scanning of scripts" option. Click OK to Save. |