The Symantec Endpoint Protection client Auto-Protect File Types options must be configured to scan all files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-42632 | DTASEP012 | SV-55360r1_rule | Medium |
| Description |
|---|
| When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware. |
| STIG | Date |
|---|---|
| Symantec Endpoint Protection 12.1 Managed Client Antivirus | 2015-07-08 |
Details
| Check Text ( C-48903r1_chk ) |
|---|
| Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Protection Technology, select Auto-Protect -> Select the Scan Details tab -> Under Scanning, File types -> Ensure "Scan all files" is selected. Criteria: If "Scan all files" is not selected, this is a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: 32 bit: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan 64 bit: HKLM\SOFTWARE\Wow632Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan Criteria: If the value of FileType is not 0, this is a finding. |
| Fix Text (F-48216r1_fix) |
|---|
| From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Protection Technology, select Auto-Protect -> Select the Scan Items tab -> Under Scanning, File types -> Select "Scan all files". |