McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and log execution of scripts from the Temp folder.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-42559	DTAM148	SV-55287r6_rule		Medium

Description
This rule prevents the Windows scripting host from running VBScript and JavaScript scripts from the Temp directory. This would protect against a large number of trojans and questionable web installation mechanisms that are used by many adware and spyware applications.

STIG	Date
McAfee VirusScan 8.8 Local Client STIG	2018-07-09

Details

Check Text ( C-49359r8_chk )
Note: If the HIPS signature 7035 is enabled to provide this same protection, this check is Not Applicable. Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select Access Protection, right-click, and select Properties. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Ensure the "Prevent execution of scripts from the Temp folder" (Block and Report) option is selected. Criteria: If the "Prevent execution of scripts from the Temp folder" (Block and Report) option is selected, this is not a finding.

Check Text ( C-49359r8_chk )

Note: If the HIPS signature 7035 is enabled to provide this same protection, this check is Not Applicable.

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Ensure the "Prevent execution of scripts from the Temp folder" (Block and Report) option is selected.

Criteria: If the "Prevent execution of scripts from the Temp folder" (Block and Report) option is selected, this is not a finding.

Fix Text (F-48141r4_fix)
Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select Access Protection, right-click, and select Properties. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Select the "Prevent execution of scripts from the Temp folder" (Block and Report) option. Click OK to save.

Fix Text (F-48141r4_fix)

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Select the "Prevent execution of scripts from the Temp folder" (Block and Report) option.

Click OK to save.