Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan inside archive files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-14628 | DTAM106 | SV-56433r2_rule | ECVP-1 | Medium |
| Description |
|---|
| Malware is often packaged within an archive. In addition, archives might have other archives within. Not scanning archive files introduces the risk of infected files being introduced into the environment. |
| STIG | Date |
|---|---|
| McAfee VirusScan 8.8 Local Client STIG | 2015-03-30 |
Details
| Check Text ( C-49338r2_chk ) |
|---|
| NOTE: This setting must be configured. Exclusions for specific extensions may be created. Exclusions must be documented with, and approved by, the local ISSO/ISSM. Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select All Processes. Under the Scan Items tab, locate the "Compressed files:" label. Ensure the "Scan inside archives (e.g., .ZIP)" option is selected. Criteria: If the "Scan inside archives (e.g., .ZIP)" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default Criteria: If the value ScanArchives is 1, this is not a finding. If the value is 0, this is a finding. |
| Fix Text (F-49142r1_fix) |
|---|
| Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select All Processes. Under the Scan Items tab, locate the "Compressed files:" label. Select the "Scan inside archives (e.g., .ZIP)" option. Click OK to Save. |