UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Symantec Endpoint Protection client must be verified as uploading SEP client detail to ePO.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42671 DTASEP007 SV-55399r1_rule Medium
Description
All systems at DoD sites are managed by the site's HBSS ePO server for host based security. When sites choose to deploy Symantec AntiVirus products to their managed systems, these systems appear to HBSS as not protected for antivirus. When the HBSS ePO server uploads asset postures to US CYBERCOM, the systems will reflect as not having antivirus installed. In order that the Symantec status in the asset's posture within HBSS is reported, the Symantec Client Status plug-in needs to be deployed to the Symantec-install system from the HBSS ePO server and verified to be reporting its Symantec status back to the ePO server.
STIG Date
Symantec Endpoint Protection 12.1 Local Client Antivirus STIG 2015-06-30

Details

Check Text ( C-48942r1_chk )
Note: This check is N/A for Stand alone systems which are NOT connected to HBSS.

On the system to which the Symantec Endpoint Protection has been installed, open a Windows Explorer window and navigate to C:\ProgramData\McAfee\Common Framework (on 64-bit systems) or C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework (on 32-bit systems).

Find and open with Internet Explorer the file named LastPropsSentToServer.xml.

Verify the following information in the file:

should be recent (current day)

SoftwareID="S_SEPEVT1100"
Setting name="ProductName">Symantec Endpoint Protection
Setting name="szProductVer">12.1.1101.401

If the LastPropsSentToServer.xml does not reflect a current date and/or does not include a section for SoftwareID="S_SEPEVT1100", this is a finding.
Fix Text (F-48256r1_fix)
The fix will require assistance of the HBSS administrator. The HBSS administrator should verify the McAfee Agent is successfully communicating to the ePO server. The HBSS administrator should re-deploy the Symantec Client State Plugin and verify it uploads Symantec client status correctly to the ePO server.