Tanium Server processes must be excluded from on-access scan.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254956 | TANS-AP-001430 | SV-254956r867768_rule | Medium |
| Description |
|---|
| Similar to any other host-based applications, the Tanium Server is subject to the restrictions other system-level software may place on an operating environment. Antivirus, IPS, Encryption, or other security and management stack software may disallow the Tanium Server from working as expected. https://docs.tanium.com/client/client/requirements.html#Host_system_security_exceptions |
| STIG | Date |
|---|---|
| Tanium 7.x Application on TanOS Security Technical Implementation Guide | 2022-10-31 |
Details
| Check Text ( C-58569r867766_chk ) |
|---|
| Review the settings of the antivirus software. Validate exclusions exist that exclude the Tanium Server process interactions from on-access scans and are treated as low-risk. If exclusions do not exist, this is a finding. |
| Fix Text (F-58513r867767_fix) |
|---|
| Implement exclusion policies within the antivirus software solution to exclude the on-access scanning of Tanium Server process interactions. These processes should be treated as low-risk and not scanned during read or write events. |