UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

McAfee VirusScan Buffer Overflow Protection Buffer Overflow Settings must be configured to enable Buffer Overflow Protection.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14657 DTAM130 SV-56434r1_rule ECVP-1 Medium
Description
Buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This anomaly has been used maliciously, explicitly to craft exploits. Buffer overflow attacks compose greater than 25% of malware attacks. Without buffer overflow protection enabled, systems are more vulnerable to attacks that attempt to overwrite adjacent memory in the stack frame. Buffer overflow protection is only configurable on non-64-bit systems.
STIG Date
McAfee VirusScan 8.8 Local Client STIG 2015-03-30

Details

Check Text ( C-49341r2_chk )
NOTE: Buffer Overflow Protection is not installed on 64-bit systems; this check would be Not Applicable to 64-bit systems.

NOTE: On 32-bit systems, when Host Intrusion Prevention is also installed, Buffer Overflow Protection will show as "Disabled because a Host Intrusion Prevention product is installed"; this check would be Not Applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.

In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.

Under the Buffer Overflow Protection tab, locate the "Buffer Overflow settings:" label. Ensure the "Enable buffer overflow protection" option is selected.

Criteria: If the "Enable buffer overflow protection" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking

Criteria: If the value BOPEnabled is 1, this is not a finding. If the value is 0, this is a finding.
Fix Text (F-49145r2_fix)
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.

Under the Buffer Overflow Protection tab, locate the "Buffer Overflow settings:" label. Select the "Enable buffer overflow protection" option.

Click OK to Save.