An approved DOD virus scan program is not used and/or updated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1074	5.007	SV-29470r1_rule	ECVP-1	High

Description
This is a Category 1 finding because Virus scan programs are a primary line of defense against the introduction of viruses and malicious code that can destroy data and even render a computer inoperable. Utilizing the most current virus scan program provides the ability to detect this malicious code before extensive damage occurs. Updated virus scan data files can help protect a system, because new viruses are identified by the software vendors on a monthly basis.

Description

This is a Category 1 finding because Virus scan programs are a primary line of defense against the introduction of viruses and malicious code that can destroy data and even render a computer inoperable. Utilizing the most current virus scan program provides the ability to detect this malicious code before extensive damage occurs. Updated virus scan data files can help protect a system, because new viruses are identified by the software vendors on a monthly basis.

STIG	Date
Windows 2008 Domain Controller Security Technical Implementation Guide	2013-07-03

Details

Check Text ( C-519r1_chk )
Note: The Gold Disk checks for McAfee and Symantec Antivirus, corporate and client editions. Due to variation of installations, manual checks may be required for verifying antivirus compliance. V0019910 has been added as part of the Desktop STIG Update which specifically looks at McAfee and Symantec AV signature files. If you have these programs, address them with that requirement and mark this one as N/A. If none of the following products are installed and supported at an appropriate maintenance level, then this is a finding: Symantec Antivirus at the following level is not installed: Corporate Edition Version 9.0.6 or higher Corporate Edition Version 10.x or higher Endpoint Protection Version 11.0 or higher McAfee’s Antivirus Version 8.0 or higher is not installed. And The antivirus signature file is out of date. If the anti virus program signature file is not dated within the past 7 days, then this is a finding. Note: The version numbers and the date of the signature file can generally be checked by starting the antivirus program from the toolbar icon or from the Start menu. The information may appear in the antivirus window or be available in the Help > About window. The location varies from product to product. Note: E-mail versions of antivirus software are not acceptable as protection for Windows operating systems. However, both the e-mail antivirus software and the operating system antivirus software can coexist and run on the same system. Documentable Explanation: If a recognized antivirus product, such as Innoculator or another product is installed and has a current signature file, then this would still be a finding, but the severity code should be reduced to a Category III.

Check Text ( C-519r1_chk )

Note: The Gold Disk checks for McAfee and Symantec Antivirus, corporate and client editions. Due to variation of installations, manual checks may be required for verifying antivirus compliance.

V0019910 has been added as part of the Desktop STIG Update which specifically looks at McAfee and Symantec AV signature files. If you have these programs, address them with that requirement and mark this one as N/A.

If none of the following products are installed and supported at an appropriate maintenance level, then this is a finding:

Symantec Antivirus at the following level is not installed:
Corporate Edition Version 9.0.6 or higher
Corporate Edition Version 10.x or higher
Endpoint Protection Version 11.0 or higher

McAfee’s Antivirus Version 8.0 or higher is not installed.

And
The antivirus signature file is out of date.
If the anti virus program signature file is not dated within the past 7 days, then this is a finding.

Note: The version numbers and the date of the signature file can generally be checked by starting the antivirus program from the toolbar icon or from the Start menu. The information may appear in the antivirus window or be available in the Help > About window. The location varies from product to product.

Note: E-mail versions of antivirus software are not acceptable as protection for Windows operating systems. However, both the e-mail antivirus software and the operating system antivirus software can coexist and run on the same system.

Documentable Explanation: If a recognized antivirus product, such as Innoculator or another product is installed and has a current signature file, then this would still be a finding, but the severity code should be reduced to a Category III.

Fix Text (F-5817r1_fix)
Configure the system with supported, DoD-approved virus scanning software. Ensure the signature file is current.