UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Symantec Endpoint Protection client weekly scheduled scan must be configured to scan all file types or to scan excluded files option must be documented with, and approved by, IAO/IAM.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42691 DTASEP045 SV-55419r1_rule Medium
Description
When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.
STIG Date
Symantec Endpoint Protection 12.1 Managed Client Antivirus 2014-07-03

Details

Check Text ( C-48962r1_chk )
Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Scan Details tab, Scanning -> Ensure "Scan all files" is selected, or If "Scan Only Selected Extensions:" is selected -> Select Extensions -> Ensure any selected extensions are documented and approved by the IAO/IAM.

Criteria: If "Scan all files" is not selected, or If "Scan Only Selected Extensions" is selected and the extensions are not documented with, and approved by, the IAO/IAM, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
32 bit:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{Scan ID}
64 bit:
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{Scan ID}

Criteria: If the value of FileType is not 1, or If the value of "ExcludeByExtension", "HaveExceptionDirs", "HaveExceptionFiles" are 1, and the IAO/IAM has approved the use of exclusions, this is not a finding.
Fix Text (F-48276r1_fix)
From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Scan Details tab, Scanning -> Select "Scan all files", or If "Scan Only Selected Extensions:" is selected -> Select Extensions -> Ensure any selected extensions are documented with, and approved by, the IAO/IAM.