The Symantec Endpoint Protection client scheduled weekly scan must be configured to scan memory.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-42778 | DTASEP044 | SV-55506r2_rule | Medium |
| Description |
|---|
| Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives regularly to identify any file system infections and to scan any removable media, if applicable, before media is inserted into the system. Not scheduling a regular scan of the hard drives of a system and/or not configuring the scan to scan all files introduces a higher risk of threats going undetected. |
| STIG | Date |
|---|---|
| Symantec Endpoint Protection 12.1 Local Client Antivirus STIG | 2015-06-30 |
Details
| Check Text ( C-49050r3_chk ) |
|---|
| GUI check: Locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. On the left hand side, select Scan for Threats -> Double-click the applied policy -> Under Scan Options, Scan Enhancements -> Ensure "Memory" is selected. Criteria: If "Memory" is not selected, this is a finding. On the machine use the Windows Registry Editor to navigate to the following key: 32 bit: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\{scan ID} 64 bit: HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\LocalScans\{scan ID} Criteria: If the value of ScanProcesses is not 1, this is a finding. |
| Fix Text (F-48364r1_fix) |
|---|
| Locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. On the left hand side, select Scan for Threats -> Double-click the applied policy -> Under Scan Options, Scan Enhancements -> Select "Memory". |