The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive all patches, service packs and updates from a DoD-managed source.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-63065	DTAVSEL-201	SV-77555r1_rule		Medium

Description
Anti-virus signature files are updated almost daily by anti-virus software vendors. These files are made available to anti-virus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. The anti-virus software product must be configured to receive those updates automatically in order to afford the expected protection. While obtaining updates, patches, service packs and updates from the vendor are timelier, the possibility of corruption or malware being introduced to the system is higher. By obtaining these from an official DoD source and/or downloading them to a separate system first and validating them before making them available to systems, the possibility of malware being introduced is mitigated.

Description

Anti-virus signature files are updated almost daily by anti-virus software vendors. These files are made available to anti-virus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. The anti-virus software product must be configured to receive those updates automatically in order to afford the expected protection. While obtaining updates, patches, service packs and updates from the vendor are timelier, the possibility of corruption or malware being introduced to the system is higher. By obtaining these from an official DoD source and/or downloading them to a separate system first and validating them before making them available to systems, the possibility of malware being introduced is mitigated.

STIG	Date
McAfee VSEL 1.9/2.0 Managed Client Security Technical Implementation Guide	2020-03-24

Details

Check Text ( C-63817r1_chk )
Log into the ePO server console. From Menu, select Configuration >> Server Settings. From Setting Categories, select Source Sites. Verify the DoD-controlled entry (mcafee.csd.disa.mil) for source repositories is present. If the DoD-controlled entry for source sites is not present, this is a finding. Note: If this is a disconnected network, this requirement can be met via the use of a manual distribution. The process must be documented and meet the requirements for frequency as defined in this document. Note: If the ePO server is outside of the .mil address space (such as, .edu, .gov, etc.), connection to the DoD-controlled servers for updates will not be possible. In this case, updates from the vendor are acceptable and this check should be marked NA.

Check Text ( C-63817r1_chk )

Log into the ePO server console.

From Menu, select Configuration >> Server Settings.

From Setting Categories, select Source Sites.

Verify the DoD-controlled entry (mcafee.csd.disa.mil) for source repositories is present.

If the DoD-controlled entry for source sites is not present, this is a finding.

Note: If this is a disconnected network, this requirement can be met via the use of a manual distribution. The process must be documented and meet the requirements for frequency as defined in this document.

Note: If the ePO server is outside of the .mil address space (such as, .edu, .gov, etc.), connection to the DoD-controlled servers for updates will not be possible. In this case, updates from the vendor are acceptable and this check should be marked NA.

Fix Text (F-68983r1_fix)
Configure the ePO server to use the DoD-controlled source repository.