UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Symantec Endpoint Protection 12.1 Local Client Antivirus STIG


Overview

Date Finding Count (113)
2015-06-30 CAT I (High): 3 CAT II (Med): 110 CAT III (Low): 0
STIG Description
The Symantec Endpoint protection 12.1 Local Client Antivirus STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Classified)

Finding ID Severity Title
V-42674 High The Symantec Endpoint Protection client File System Auto-Protect must be enabled.
V-42665 High The Symantec Endpoint Protection clients antivirus signature file age must be no older than 7 days.
V-42670 High The Symantec Endpoint Protection client must have the Symantec Client State Plug-in for ePO deployed.
V-42839 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Joke Program sub-level.
V-42838 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Hack Tool sub-level.
V-42831 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect must be configured to send a notification email to the IAO, IAM, and/or ePO administrator when a threatened email message is detected.
V-42830 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect must be configured to not send a notification to the sender of an email in which a threat was detected.
V-42833 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Malware, level and not be overridden by sub-levels.
V-42832 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect must be configured to send a notification email to the IAO, IAM, and/or ePO administrator when a threatened email message is detected.
V-42835 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions for when malware has been detected must be configured to Delete Risk if first action fails.
V-42834 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions for when malware has been detected must be configured to Clean Risk as first action.
V-42837 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Dialer sub-level.
V-42836 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Adware sub-level.
V-42741 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Trackware sub-level.
V-42740 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Spyware sub-level.
V-42699 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Joke Program sub-level.
V-42698 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Hack Tool sub-level.
V-42695 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions for Malware must be configured to Delete Risk if first action fails.
V-42694 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions for Malware must be configured to Clean Risk as the first action upon detection.
V-42697 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Dialer sub-level.
V-42696 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Adware sub-level.
V-42690 Medium The Symantec Endpoint Protection client Global Scan Heuristics Level must be set to Automatic, at a minimum.
V-42692 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Malware, level and not be overridden by sub-levels.
V-42809 Medium The Symantec Endpoint Protection client Outlook Auto-Protect must be configured to send a notification email to the IAO, IAM, and/or ePO administrator when a threatened email message is detected.
V-42688 Medium The Symantec Endpoint Protection client Global Settings Bloodhound heuristic technology must be enabled.
V-42682 Medium The Symantec Endpoint Protection client Auto-Protect Advanced Options Floppy Settings must be configured to check floppies when the system shuts down.
V-42683 Medium The Symantec Endpoint Protection client Auto-Protect option to Scan for Security Risks must be enabled.
V-42680 Medium The Symantec Endpoint Protection client Auto-Protect Advanced Options Automatic enablement setting must be enabled.
V-42681 Medium The Symantec Endpoint Protection client Auto-Protect Advanced Options Floppy Settings must be enabled to scan for boot viruses.
V-42686 Medium The Symantec Endpoint Protection client Auto-Protect Risk Tracer must be configured to resolve source IP address.
V-42687 Medium The Symantec Endpoint Protection client Auto-Protect Risk Tracer must be configured to poll network sessions.
V-42684 Medium The Symantec Endpoint Protection client Auto-Protect option to Delete newly created infected files must be enabled.
V-42685 Medium The Symantec Endpoint Protection client Auto-Protect Risk Tracer must be enabled.
V-42826 Medium The Symantec Endpoint Protection Internet Email Auto-Protect must be enabled.
V-42827 Medium The Symantec Endpoint Protection Internet email Auto-Protect client must be configured to scan all file types.
V-42824 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions for when a Security Risk has been detected must be configured to Delete Risk as first action.
V-42825 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions for when a Security Risk has been detected must be configured to Quarantine Risk if first action fails.
V-42822 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Spyware sub-levels.
V-42823 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Trackware sub-level.
V-42820 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Assessment Tool sub-level.
V-42821 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Risk sub-level.
V-42828 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect must be configured to scan inside zipped files.
V-42829 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect for notification must be configured to insert a warning into email messages when a message part has been deleted, cleaned, or quarantined.
V-42807 Medium The Symantec Endpoint Protection client Outlook Auto-Protect must be configured to insert a warning into email messages when a message part has been deleted, cleaned, or quarantined.
V-42677 Medium The Symantec Endpoint Protection Auto-Protect client Detection Options must be configured to display a notification to the user when a risk is detected.
V-42676 Medium The Symantec Endpoint Protection client Auto-Protect File Types options must be configured to scan all files.
V-42675 Medium The Symantec Endpoint Protection client Auto-Protect reload must be configured to stop and reload when the configuration changes.
V-42673 Medium The Symantec Endpoint Protection client Insight lookup for threat detection must be enabled.
V-42672 Medium The Symantec Endpoint Protection clients File Reputation Data Submission must be disabled from automatically forwarding selected anonymous security information to Symantec.
V-42778 Medium The Symantec Endpoint Protection client scheduled weekly scan must be configured to scan memory.
V-42779 Medium The Symantec Endpoint Protection client weekly scheduled scan must be configured to scan all file types or scan exclude files option must be documented with, and approved by, IAO/IAM.
V-42776 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions for Security Risks must be configured to Quarantine Risk if first action fails.
V-42777 Medium The Symantec Endpoint Protection client must be configured with a full scan scheduled to run at least weekly.
V-42775 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions for Security Risks must be configured to Delete Risk as the first action upon detection.
V-42679 Medium The Symantec Endpoint Protection client Auto-Protect Backup Option must be disabled to prevent backing up infected files before attempting to repair them.
V-42678 Medium The Symantec Endpoint Protection client Auto-Protect Advanced Options must be configured to scan files when accessed or modified.
V-42783 Medium The Symantec Endpoint Protection client weekly scheduled scan must be configured to display a message to the user if a virus is detected.
V-42782 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling File Reputation lookup detections must be set to Leave alone (log only) if first action fails.
V-42781 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling File Reputation lookup detections must be set to Quarantine Risk as first action.
V-42780 Medium The Symantec Endpoint Protection client weekly scheduled scan must be configured to use Insight File Reputation lookup, when scanning, set to a sensitivity level of at least 5 (Typical).
V-42787 Medium The Symantec Endpoint Protection client weekly scheduled scan must be configured for scanning well-known viruses and security risks.
V-42786 Medium The Symantec Endpoint Protection client weekly scheduled scan must be configured for scanning load points.
V-42785 Medium The Symantec Endpoint Protection client weekly scheduled scan backup option must be disabled to prevent backing up infected files before attempting to repair them.
V-42784 Medium The Symantec Endpoint Protection client weekly scheduled scan must be configured to scan compressed files.
V-42789 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for when malware has been detected must be configured to Clean Risk as first action.
V-42788 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling malware upon detection must be explicitly configured at the top, Malware, level and not be overridden by sub-levels.
V-42666 Medium The Symantec Endpoint Protection client User-defined Exceptions option must not be configured to exclude any files from scanning unless exclusions have been documented with, and approved by, the IAO/IAM.
V-42840 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Misleading Application sub-level.
V-42841 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Parental Control sub-level.
V-42842 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Remote Access sub-level.
V-42667 Medium The Symantec Endpoint Protection client Global Settings for Log Retention must be enabled and configured to retain logs for 30 days.
V-42844 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Risk sub-level.
V-42845 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Spyware sub-level.
V-42846 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Trackware sub-level.
V-42847 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions for when a Security Risk has been detected must be configured to Delete Risk as first action.
V-42848 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions for when a Security Risk has been detected must be configured to Quarantine risk if first action fails.
V-42843 Medium The Symantec Endpoint Protection client Internet Email Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Assessment Tool sub-level.
V-42701 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Parental Control sub-level.
V-42700 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Misleading Application sub-level.
V-42668 Medium The Symantec Endpoint Protection client must be scheduled to auto update.
V-42669 Medium The Symantec Endpoint Protection client Tamper Protection must be configured to block attempts to tamper with or shut down the client.
V-42790 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for when malware has been detected must be configured to Delete Risk if first action fails.
V-42791 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Adware sub-level.
V-42792 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Dialer sub-level.
V-42793 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Hack Tool sub-level.
V-42794 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Joke Program sub-level.
V-42795 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Misleading Application sub-level.
V-42796 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Parental Control sub-level.
V-42797 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Remote Access sub-level.
V-42798 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Assessment Tool sub-level.
V-42799 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Risk sub-level.
V-42819 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Remote Access sub-level.
V-42818 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Parental Control sub-level.
V-42817 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Misleading Application sub-level.
V-42816 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Joke Program sub-level.
V-42815 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Hack Tool sub-level.
V-42814 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Dialer sub-level.
V-42813 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Security Risks, level and not be overridden by the Adware sub-level.
V-42812 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions for when malware has been detected must be configured to Delete Risk if first action fails.
V-42811 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions for when malware has been detected must be configured to Clean Risk as first action.
V-42810 Medium The Symantec Endpoint Protection client Outlook Auto-Protect actions must be explicitly configured at the top, Malware, level and not be overridden by sub-levels.
V-42808 Medium The Symantec Endpoint Protection client Outlook Auto-Protect must be configured to not send a notification to the sender of an email in which a threat was detected.
V-42671 Medium The Symantec Endpoint Protection client must be verified as uploading SEP client detail to ePO.
V-42804 Medium The Symantec Endpoint Protection client Outlook Auto-Protect client must be enabled.
V-42805 Medium The Symantec Endpoint Protection client Outlook Auto-Protect client must be configured to scan all file types.
V-42806 Medium The Symantec Endpoint Protection client Outlook Auto-Protect must be configured to scan inside zipped files.
V-42800 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Spyware sub-level.
V-42801 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for handling security risks upon detection must be explicitly configured at the top, Security Risks, level and not be overridden by the Trackware sub-level.
V-42802 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for when a Security Risk has been detected must be configured to Delete risk as first action.
V-42803 Medium The Symantec Endpoint Protection client weekly scheduled scan actions for when a Security Risk has been detected must be configured to Quarantine risk if first action fails.
V-42737 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Remote Access sub-level.
V-42738 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Assessment Tool sub-level.
V-42739 Medium The Symantec Endpoint Protection client Auto-Protect Scan Actions settings must be explicitly configured at the top, Security Risks, level and not be overridden by the Security Risk sub-level.