UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Symantec Endpoint Protection client User-defined Exceptions option must not be configured to exclude any files from scanning unless exclusions have been documented with, and approved by, the IAO/IAM.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42666 DTASEP002 SV-55394r1_rule Medium
Description
When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.
STIG Date
Symantec Endpoint Protection 12.1 Local Client Antivirus STIG 2015-06-30

Details

Check Text ( C-48937r1_chk )
On the machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen -> Select "Change Settings" on the left side of the screen -> Select "Configure Settings" for Exceptions -> Ensure there are not any User-defined Exceptions listed that are not documented with, and approved by, the IAO/IAM.

Criteria: If any User-defined Exceptions are listed and not documented with, and approved by, the IAO/IAM, this is a finding.
Fix Text (F-48251r1_fix)
On the client machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen -> Select "Change Settings" on the left side of the screen -> Select "Configure Settings" for Exceptions. Remove any User-defined Exceptions that are not documented with, and approved by, the IAO/IAM.