Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42559 | DTAM148 | SV-55287r4_rule | Medium |
Description |
---|
This rule prevents the Windows scripting host from running VBScript and JavaScript scripts from the Temp directory. This would protect against a large number of trojans and questionable web installation mechanisms that are used by many adware and spyware applications. |
STIG | Date |
---|---|
McAfee VirusScan 8.8 Local Client STIG | 2015-06-11 |
Check Text ( C-49359r5_chk ) |
---|
Note: If the HIPS signature 3893 is enabled to provide this same protection, this check is Not Applicable. Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Under the Task column, select Access Protection, right-click, and select Properties. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Ensure the "Prevent execution of scripts from the Temp folder" (Block and Report) option is selected. Criteria: If the "Prevent execution of scripts from the Temp folder" (Block and Report) option is not selected, this is not a finding. |
Fix Text (F-48141r3_fix) |
---|
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Under the Task column, select Access Protection, right-click, and select Properties. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Select the "Prevent execution of scripts from the Temp folder" (Block and Report) option. Click OK to save. |