Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-14624 | DTAM102 | SV-55225r1_rule | Medium |
Description |
---|
Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks. |
STIG | Date |
---|---|
McAfee VirusScan 8.8 Managed Client STIG | 2016-06-30 |
Check Text ( C-48816r2_chk ) |
---|
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access Default Processes Policies. Under the Scan Items tab, locate the "Scan files:" label. Ensure the "When reading from disk" option is selected. Criteria: If the "When reading from disk" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default Criteria: If the value bScanOutgoing is 1, this is not a finding. If the value is 0, this is a finding. |
Fix Text (F-48081r2_fix) |
---|
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access Default Processes Policies. Under the Scan Items tab, locate the "Scan files:" label. Select the "When reading from disk" option. Select Save. |