McAfee VirusScan General Options settings must be configured to not allow On-Demand scans to utilize the scan cache.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-42568 | DTAM156 | SV-55296r1_rule | Medium |
| Description |
|---|
| The cache is a list of scanned files that have been determined to be clean. The scanner will use this list to reduce duplicate file scanning. While disabling the cache persistence may result in performance degradation, the risk of enabling it may allow malware to go undetected. |
| STIG | Date |
|---|---|
| McAfee VirusScan 8.8 Local Client STIG | 2016-03-31 |
Details
| Check Text ( C-49367r1_chk ) |
|---|
| NOTE: If the system being configured/reviewed is a server, this setting is Not Applicable. This setting is required for workstations. Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Select Tools from the Menu Bar. Select General Options. Under the Global Scan Settings tab, locate the Scan Cache label. Criteria: If the "Allow On-Demand Scans to utilize the scan cache" option is selected, this is a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration Criteria: If the value for bODSUseCache is 1, this is a finding. |
| Fix Text (F-48150r2_fix) |
|---|
| Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Select Tools from the Menu Bar. Select General Options. Under the Global Scan Settings tab, locate the Scan Cache label. Uncheck the "Allow On-Demand Scans to utilize the scan cache" option. Click OK to Save. |