Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42671 | DTASEP007 | SV-55399r1_rule | | Medium |
Description |
---|
All systems at DoD sites are managed by the site's HBSS ePO server for host-based security. When sites choose to deploy Symantec AntiVirus products to their managed systems, these systems appear to HBSS as not protected by antivirus. When the HBSS ePO server uploads asset postures to US CYBERCOM, the systems will be reflected as not having antivirus installed. For the Symantec status to be reported in the asset's posture within HBSS, the Symantec Client Status plug-in needs to be deployed from the HBSS ePO server to the system on which Symantec is installed and verified to be reporting its Symantec status back to the ePO server. |
STIG | Date |
---|---|
Symantec Endpoint Protection 12.1 Local Client Antivirus STIG | 2014-07-03 |
Check Text ( C-48942r1_chk ) |
---|
Note: This check is N/A for standalone systems which are NOT connected to HBSS. On the system on which Symantec Endpoint Protection has been installed, open a Windows Explorer window and navigate to C:\ProgramData\McAfee\Common Framework (on 64-bit systems) or C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework (on 32-bit systems). Find the file named LastPropsSentToServer.xml and open it with Internet Explorer. Verify the following information in the file: SoftwareID="S_SEPEVT1100"; <Setting name="ProductName">Symantec Endpoint Protection</Setting>; <Setting name="szProductVer">12.1.1101.401</Setting>. If the LastPropsSentToServer.xml does not reflect a current |
Fix Text (F-48256r1_fix) |
---|
The fix will require the assistance of the HBSS administrator. The HBSS administrator should verify the McAfee Agent is successfully communicating with the ePO server. The HBSS administrator should re-deploy the Symantec Client State Plugin and verify it uploads Symantec client status correctly to the ePO server. |
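
The manual inspection in the Check Text can be scripted; the following is an added example, not part of the STIG or of any HBSS tooling. The sample XML is constructed and its wrapper element names (`Props`, `Product`) are assumptions, so the script matches only on the `SoftwareID` attribute and the two `Setting` names the Check Text lists.

```python
import sys
from pathlib import Path
import xml.etree.ElementTree as ET

# Values the Check Text says to verify in LastPropsSentToServer.xml.
SOFTWARE_ID = "S_SEPEVT1100"
EXPECTED = {
    "ProductName": "Symantec Endpoint Protection",
    "szProductVer": "12.1.1101.401",
}

# Constructed sample. Wrapper element names are assumptions; only the
# SoftwareID attribute and the two Setting elements come from the Check Text.
SAMPLE_XML = """<Props>
  <Product SoftwareID="EXAMPLE_OTHER">
    <Setting name="ProductName">Example Agent</Setting>
  </Product>
  <Product SoftwareID="S_SEPEVT1100">
    <Setting name="ProductName">Symantec Endpoint Protection</Setting>
    <Setting name="szProductVer">12.1.1101.401</Setting>
  </Product>
</Props>"""

def check_sep_props(xml_data):
    """Return a list of problems; an empty list means all listed values match."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Match on the attribute alone so nesting depth and parent names do not matter.
    blocks = [e for e in root.iter() if e.get("SoftwareID") == SOFTWARE_ID]
    if not blocks:
        return [f'no element with SoftwareID="{SOFTWARE_ID}"']
    found = {}
    for el in blocks[0].iter():
        # Strip any XML namespace prefix before comparing the tag name.
        if el.tag.rsplit("}", 1)[-1] == "Setting" and el.get("name") in EXPECTED:
            found[el.get("name")] = (el.text or "").strip()
    problems = []
    for name, want in EXPECTED.items():
        if name not in found:
            problems.append(f"{name} is missing")
        elif found[name] != want:  # exact comparison is this example's choice
            problems.append(f'{name} is "{found[name]}", expected "{want}"')
    return problems

if __name__ == "__main__":
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_XML
    issues = check_sep_props(data)
    print("\n".join(issues) if issues else "SEP properties reported as listed")
```

Pass the path to LastPropsSentToServer.xml as the first argument; with no argument the script checks the embedded sample.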