UCF STIG Viewer Logo

McAfee VirusScan On-Access Scanner General Settings must be configured to enable scanning of scripts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14618 DTAM090 SV-56400r1_rule Medium
Description
Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and script that can be used to probe and attack hosts. (NIST SP 800-83) The scanning of scripts is crucial in preventing these attacks.
STIG Date
McAfee VirusScan 8.8 Local Client STIG 2018-07-09

Details

Check Text ( C-49328r1_chk )
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the ScriptScan tab, locate the "ScriptScan:" label. Ensure the "Enable scanning of scripts" option is selected.

Criteria: If the "Enable scanning of scripts" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\Script Scanner

Criteria: If the value of ScriptScanEnabled is 1, this is not a finding. If the value is 0, this is a finding.
Fix Text (F-49132r1_fix)
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the ScriptScan tab, locate the "ScriptScan:" label. Select the "Enable scanning of scripts" option.

Click OK to Save.