Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Symantec Endpoint Protection client User-defined Exceptions option must not be configured to exclude any files from scanning unless exclusions have been documented with, and approved by, the IAO/IAM.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-42610 | DTASEP002 | SV-55338r1_rule | Medium |
| Description |
|---|
| When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware. |
| STIG | Date |
|---|---|
| Symantec Endpoint Protection 12.1 Managed Client Antivirus | 2015-07-08 |
Details
| Check Text ( C-48891r1_chk ) |
|---|
| On the client machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen -> Select "Change Settings" on the left side of the screen -> Select "Configure Settings" for Exceptions -> Ensure there are not any User-defined Exceptions listed that are not documented with, and approved by, the IAO/IAM. Criteria: If any User-defined Exceptions are listed, and not documented with, and approved by, the IAO/IAM, this is a finding. |
| Fix Text (F-48192r1_fix) |
|---|
| On the client machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen -> Select the "Change Settings" on the left side of the screen -> Select "Configure Settings" for Exceptions. Remove any User-defined Exceptions that are not documented with, and approved by, the IAO/IAM. |