McAfee VirusScan must be configured to receive DAT and Engine updates.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6585	DTAM016	SV-56375r2_rule		Medium

Description
Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. The antivirus software product must be configured to receive those updates automatically in order to afford the expected protection.

STIG	Date
McAfee VirusScan 8.8 Local Client STIG	2018-07-09

Details

Check Text ( C-49301r6_chk )
NOTE: Automatic updates to antivirus signature definitions are to be performed once every 24 hours for hosts connected to the network. Hosts not connected to the network must be updated manually. Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the “Task” column, right-click on the “AutoUpdate” option, select “Properties”. Click the “Schedule” button. On the “Task” tab, the selection for "Enable (scheduled task runs at specified time)" must be selected. On the “Schedule” tab, the "Run task:" option must be configured with “Daily”. Alternative Registry method: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee for 32-bit systems HKLM\Software\Wow6432Node\McAfee for 64-bit systems \DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-e3247CE382F5} Criteria: If “bSchedEnabled=1” (indicates Scheduling is enabled) and “eScheduleType=0” (indicates Daily), this is not a finding. If “bSchedEnabled=0” (indicates Scheduling is not enabled), this is a finding. If the “AutoUpdate” task schedule is not enabled, or is not configured to run at a frequency of “Daily”, this is a finding.

Check Text ( C-49301r6_chk )

NOTE: Automatic updates to antivirus signature definitions are to be performed once every 24 hours for hosts connected to the network. Hosts not connected to the network must be updated manually.

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.

Under the “Task” column, right-click on the “AutoUpdate” option, select “Properties”.
Click the “Schedule” button.
On the “Task” tab, the selection for "Enable (scheduled task runs at specified time)" must be selected.
On the “Schedule” tab, the "Run task:" option must be configured with “Daily”.

Alternative Registry method:
Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee for 32-bit systems
HKLM\Software\Wow6432Node\McAfee for 64-bit systems
\DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-e3247CE382F5}

Criteria:
If “bSchedEnabled=1” (indicates Scheduling is enabled) and “eScheduleType=0” (indicates Daily), this is not a finding.

If “bSchedEnabled=0” (indicates Scheduling is not enabled), this is a finding.

If the “AutoUpdate” task schedule is not enabled, or is not configured to run at a frequency of “Daily”, this is a finding.

Fix Text (F-49058r2_fix)
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Under the Task column, find the AutoUpdate option, right-click, and choose Properties. Click the Schedule button. On the Task tab, select "Enable (scheduled task runs at specified time)". On the Schedule tab, the "Run task:" option must be configured with Daily. Click OK to save.