Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42535 | DTAM156 | SV-55263r1_rule | Medium |
Description |
---|
The cache is a list of scanned files that have been determined to be clean. The scanner will use this list to reduce duplicate file scanning. While disabling the cache persistence may result in performance degradation, the risk of enabling it may allow malware to go undetected. |
STIG | Date |
---|---|
McAfee VirusScan 8.8 Managed Client STIG | 2016-01-04 |
Check Text ( C-48853r2_chk ) |
---|
NOTE: If the system being configured/reviewed is a server, this setting is Not Applicable. This setting is required for workstations. From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the General Options Policies. Under the Global Scan Settings tab, locate the "Scan Cache:" label. Ensure the "Allow On-Demand Scans to utilize the scan cache" option is NOT selected. Criteria: If the "Allow On-Demand Scans to utilize the scan cache" option is selected, this is a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration Criteria: If the value of bODSUseCache is REG_DWORD = 0, this is not a finding. If the value is 1, this is a finding. |
Fix Text (F-48117r2_fix) |
---|
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the General Options Policies. Under the Global Scan Settings tab, locate the "Scan cache:" label. Ensure the "Allow On-Demand Scans to utilize the scan cache" option is NOT selected. Select Save. |