UCF STIG Viewer Logo

The Symantec Endpoint Protection client Auto-Protect Risk Tracer must be enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42685 DTASEP021 SV-55413r1_rule Medium
Description
Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infection capability on their own, they rely on malware or other attach mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attach mechanisms. The scanning for unknown program viruses will mitigate zero day attacks.
STIG Date
Symantec Endpoint Protection 12.1 Local Client Antivirus STIG 2015-06-30

Details

Check Text ( C-48956r1_chk )
GUI check: Locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. On the left hand side, select Change settings -> Under Virus and Spyware Protection -> Select Configure Settings -> Under the Auto-Protect tab -> Select Advanced -> Under Risk Tracer -> Ensure "Enable Risk Tracer" is selected.

Criteria: If "Enable Risk Tracer", is not selected, this is a finding.

On the machine use the Windows Registry Editor to navigate to the following key:
32 bit:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan
64 bit:
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan

Criteria: If the value of ThreatTracerOnOff is not 1, this is a finding.
Fix Text (F-48270r1_fix)
Locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. On the left hand side, select Change settings -> Under Virus and Spyware Protection -> Select Configure Settings -> Under the Auto-Protect tab -> Select Advanced -> Under Risk Tracer -> Select "Enable Risk Tracer".