UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The antivirus signature file age must not exceed 7 days.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19910 DTAG008 SV-55133r2_rule High
Description
Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system.
STIG Date
McAfee VirusScan 8.8 Managed Client STIG 2019-03-19

Details

Check Text ( C-48771r13_chk )
Guidance in DTAM016 requires updates be run daily, automatically or manually. If compliant, the DAT date will be within 24-48 hours old. Since automated update tasks’ success is not guaranteed, the expectation is for update task success to be frequently monitored and corrected when unsuccessful. To allow for that correction, the minimum acceptable threshold for DAT date is not to exceed 7 days.

On the client machine, right-click on the McAfee red shield icon in the taskbar.

Choose "About".

Scroll down to the "McAfee VirusScan Enterprise + AntiSpyware Enterprise" section.

Review the date for "DAT Created On:".

Criteria: If the "DAT Created On:" date is older than 7 days from the current date, this is a finding.

From the ePO server console System Tree, select the "Systems" tab, select the asset to be checked, and double-click to open its properties. Under the System Information, scroll down to the VirusScan Enterprise section and click on the "More" link in the top-right portion of the VirusScan Enterprise section. Scroll down to the General section and confirm the DAT Date reflected is within the last 7 days.

Criteria: If the DAT Date is older than 7 days from the current date, this is a finding.

NOTE: If the vendor or trusted site's files are also older than 7 days and match the date of the signature files on the machine, this is not a finding.
Fix Text (F-47990r1_fix)
Update client machines via ePO client task. If this fails to update the client, update antivirus signature files as your local process describes (e.g., auto update or runtime executable.)