Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42634 | DTASEP014 | SV-55362r1_rule | Medium |
Description |
---|
Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. (NIST SP 800-83) The scanning of files when accessed or modified is crucial in preventing these attacks. |
STIG | Date |
---|---|
Symantec Endpoint Protection 12.1 Managed Client Antivirus | 2014-07-03 |
Check Text ( C-48905r1_chk ) |
---|
Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Protection Technology -> Select Auto-Protect -> Select the Scan Details tab -> Under Scanning, Additional Options -> Select Advanced Scanning and Monitoring -> Under Scan Files When -> Ensure "Scan when a file is accessed or modified" is selected. Criteria: If "Scan when a file is accessed or modified" is not selected, this is a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: 32 bit: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan 64 bit: HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan Criteria: If the value of Reads is not 1, this is a finding. |
Fix Text (F-48218r1_fix) |
---|
From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Protection Technology, select Auto-Protect -> Select the Scan Details tab -> Under Scanning, Additional Options -> Select Advanced Scanning and Monitoring -> Under Scan Files When -> Select "Scan when a file is accessed or modified" . |