The Symantec Endpoint Protection clients antivirus signature file age must be no older than 7 days.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-42609	DTASEP001	SV-55337r1_rule		High

Description
Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. Without current virus definitions the virus scan will not be able to detect new viruses, putting the system and network at risk.

STIG	Date
Symantec Endpoint Protection 12.1 Managed Client Antivirus	2015-07-08

Details

Check Text ( C-48890r1_chk )
Note: If the vendor or trusted site's files are also older than 7 days and match the date of the signature files on the machine, this is not a finding. On the client machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. Under the Status tab, observe the "Definitions:" area for Virus and Spyware Protection, Proactive Threat Protection, and Network Threat Protection. Criteria: If the "Definitions:" date is older than 7 calendar days from the current date, this is a finding. On the client machine use the Windows Registry Editor to navigate to the following key: 32 bit: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate 64 bit: HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate Criteria: If the "LatestVirusDefsDate" is older than 7 calendar days from the current date, this is a finding.

Check Text ( C-48890r1_chk )

Note: If the vendor or trusted site's files are also older than 7 days and match the date of the signature files on the machine, this is not a finding.

On the client machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. Under the Status tab, observe the "Definitions:" area for Virus and Spyware Protection, Proactive Threat Protection, and Network Threat Protection.

Criteria: If the "Definitions:" date is older than 7 calendar days from the current date, this is a finding.

On the client machine use the Windows Registry Editor to navigate to the following key:
32 bit:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate
64 bit:
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate

Criteria: If the "LatestVirusDefsDate" is older than 7 calendar days from the current date, this is a finding.

Fix Text (F-48191r1_fix)
Update client machines via the Symantec Enterprise Console. If this fails to update the client, update the antivirus signature file as local process describes (e.g., auto update or LiveUpdate).