UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Symantec Endpoint Protection client Auto-Protect File Types options must be configured to scan all files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42632 DTASEP012 SV-55360r1_rule Medium
Description
When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.
STIG Date
Symantec Endpoint Protection 12.1 Managed Client Antivirus 2014-07-03

Details

Check Text ( C-48903r1_chk )
Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Protection Technology, select Auto-Protect -> Select the Scan Details tab -> Under Scanning, File types -> Ensure "Scan all files" is selected.

Criteria: If "Scan all files" is not selected, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
32 bit:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan
64 bit:
HKLM\SOFTWARE\Wow632Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan

Criteria: If the value of FileType is not 0, this is a finding.
Fix Text (F-48216r1_fix)
From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Protection Technology, select Auto-Protect -> Select the Scan Items tab -> Under Scanning, File types -> Select "Scan all files".