McAfee VirusScan On-Access General Policies must be configured to scan boot sectors.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6467 | DTAM002 | SV-55135r1_rule | Medium |
| Description |
|---|
| Boot sector viruses will install into the boot sector of a system, ensuring that they will execute when the user boots the system. This risk is mitigated by scanning boot sectors at each startup of the system. |
| STIG | Date |
|---|---|
| McAfee VirusScan 8.8 Managed Client STIG | 2019-09-24 |
Details
| Check Text ( C-48773r2_chk ) |
|---|
| From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access General Policies. Under the General tab, locate the "Scan:" label. Ensure the "Boot Sectors" option is selected. Criteria: If the "Boot Sectors" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration Criteria: If the value of bDontScanBootSectors is 0, this is not a finding. If the value is 1, this is a finding. |
| Fix Text (F-47992r3_fix) |
|---|
| From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access General Policies. Under the General tab, locate the "Scan:" label. Select the "Boot Sectors" option. Select Save. |