UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Symantec Endpoint Protection client weekly scheduled scan must be configured to display a message to the user if a virus is detected.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42704 DTASEP049 SV-55432r1_rule Medium
Description
An effective awareness program explains proper rules of behavior for use of an organization's IT systems and information. Accordingly, awareness programs should include guidance to users on malware incident prevention, which can help reduce the frequency and severity of malware incidents. Organizations should also make users aware of policies and procedures that apply to malware incident handling, such as how to identify if a host may be infected, how to report a suspected incident, and what users need to do to assist with incident handling Having the antivirus software alert a user when a risk is detected will ensure the user is aware of the incident, and will make it possible to more closely relate the incident to any action(s) being performed by the user at the time of the detection.
STIG Date
Symantec Endpoint Protection 12.1 Managed Client Antivirus 2014-07-03

Details

Check Text ( C-48975r1_chk )
Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> under the Notifications tab, Notifications -> Ensure "Display a notification message on the infected computer" is selected.

Criteria: If "Display a notification message on the infected computer" is not selected, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
32 bit:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{scan ID}
64 bit:
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{scan ID}

Criteria: If the value MessageBox is not 1, this is a finding.
Fix Text (F-48289r1_fix)
From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Notifications tab, Notifications -> Select "Display a notification message on the infected computer".