Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42704 | DTASEP049 | SV-55432r1_rule | Medium |
Description |
---|
An effective awareness program explains proper rules of behavior for use of an organization's IT systems and information. Accordingly, awareness programs should include guidance to users on malware incident prevention, which can help reduce the frequency and severity of malware incidents. Organizations should also make users aware of policies and procedures that apply to malware incident handling, such as how to identify if a host may be infected, how to report a suspected incident, and what users need to do to assist with incident handling Having the antivirus software alert a user when a risk is detected will ensure the user is aware of the incident, and will make it possible to more closely relate the incident to any action(s) being performed by the user at the time of the detection. |
STIG | Date |
---|---|
Symantec Endpoint Protection 12.1 Managed Client Antivirus | 2014-07-03 |
Check Text ( C-48975r1_chk ) |
---|
Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> under the Notifications tab, Notifications -> Ensure "Display a notification message on the infected computer" is selected. Criteria: If "Display a notification message on the infected computer" is not selected, this is a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: 32 bit: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{scan ID} 64 bit: HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{scan ID} Criteria: If the value MessageBox is not 1, this is a finding. |
Fix Text (F-48289r1_fix) |
---|
From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Notifications tab, Notifications -> Select "Display a notification message on the infected computer". |