Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-42702 | DTASEP047 | SV-55430r1_rule | Medium |
Description |
---|
This setting is required for the weekly scan parameter Security Risks First Action policy. When a security risk is detected, the first action to be performed must be the option to quarantine the risk. |
STIG | Date |
---|---|
Symantec Endpoint Protection 12.1 Managed Client Antivirus | 2014-10-01 |
Check Text ( C-48966r3_chk ) |
---|
Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Insight Lookup tab, Malicious files -> Ensure First action is set to "Quarantine Risk". Criteria: If First action is not set to "Quarantine Risk", this is a finding. On the client machine use the Windows Registry Editor to navigate to the following key: 32 bit: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{Scan ID}\Malware\TCID-18 64 bit: HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Scheduler\{SID}\Custom Tasks\{Scan ID}\Malware\TCID-18 Criteria: If the value of FirstAction is not 1, this is a finding. |
Fix Text (F-48287r1_fix) |
---|
From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Insight Lookup tab, Malicious files -> Set First action to "Quarantine Risk". |