Trend Deep Security must be configured to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-65945	TMDS-00-000215	SV-80435r1_rule		Medium

Description
Malicious code protection mechanisms include, but are not limited, to, anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes viruses, worms, Trojan horses, and Spyware. It is not enough to simply have the software installed; this software must periodically scan the system to search for malware on an organization-defined frequency. This requirement applies to applications providing malicious code protection.

Description

Malicious code protection mechanisms include, but are not limited, to, anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes viruses, worms, Trojan horses, and Spyware. It is not enough to simply have the software installed; this software must periodically scan the system to search for malware on an organization-defined frequency. This requirement applies to applications providing malicious code protection.

STIG	Date
Trend Micro Deep Security 9.x Security Technical Implementation Guide	2016-02-26

Details

Check Text ( C-66593r1_chk )
Review the Trend Deep Security server to ensure real-time malicious code protection scans are performed on files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. Verify the Anti-Malware, Real-Time Scan is enabled by reviewing the following settings under the “Policies” tab. Under “Policies” right click and select “Details” and choose “Anti-Malware. Review the following settings: Anti-Malware State is set to “On” and the “Real-Time Scan” is set to “Default.” If the two settings are not configured accordingly, this is a finding.

Check Text ( C-66593r1_chk )

Review the Trend Deep Security server to ensure real-time malicious code protection scans are performed on files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Verify the Anti-Malware, Real-Time Scan is enabled by reviewing the following settings under the “Policies” tab. Under “Policies” right click and select “Details” and choose “Anti-Malware.

Review the following settings: Anti-Malware State is set to “On” and the “Real-Time Scan” is set to “Default.”

If the two settings are not configured accordingly, this is a finding.

Fix Text (F-72021r1_fix)
Configure the Trend Deep Security server to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. To enable malicious code protection via the anti-malware, configure the following settings under the “Policies” tab. Under “Policies” right clicking and selecting “Details.” Configure the following settings: 1. Under the Overview >> General tab, set "Anti-Malware" to “On” 2. Under the Anti-Malware >> General tab, set “Real-Time Scan” to “Default”. Click “OK” when finished.

Fix Text (F-72021r1_fix)

Configure the Trend Deep Security server to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

To enable malicious code protection via the anti-malware, configure the following settings under the “Policies” tab.
Under “Policies” right clicking and selecting “Details.” Configure the following settings:

1. Under the Overview >> General tab, set "Anti-Malware" to “On”
2. Under the Anti-Malware >> General tab, set “Real-Time Scan” to “Default”. Click “OK” when finished.