An approved DoD virus scan program must be used and kept updated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1074	WN08-GE-000002	SV-48017r1_rule	ECVP-1	High

Description
Virus scan programs are a primary line of defense against the introduction of viruses and malicious code that can destroy data and even render a computer inoperable. Utilizing the most current virus scan program provides the ability to detect this malicious code before extensive damage occurs. Updated virus scan data files help protect a system, as new malware is identified by the software vendors on a regular basis.

Description

Virus scan programs are a primary line of defense against the introduction of viruses and malicious code that can destroy data and even render a computer inoperable. Utilizing the most current virus scan program provides the ability to detect this malicious code before extensive damage occurs. Updated virus scan data files help protect a system, as new malware is identified by the software vendors on a regular basis.

STIG	Date
Windows 8 Security Technical Implementation Guide	2014-01-07

Details

Check Text ( C-44755r2_chk )
If one of the following products is not installed and supported at an appropriate maintenance level, this is a finding: McAfee VirusScan Enterprise Version 8.8 Patch 3 or later Symantec Endpoint Protection (SEP) 12.1 Release Update 2 or later If the antivirus program signature file is not dated within the past 7 days, this is a finding. The version numbers and the date of the signature file can generally be checked by starting the antivirus program from the toolbar icon or from the Start menu. The information may appear in the antivirus window or be available in the Help > About window. The location varies from product to product. Email versions of antivirus software are not acceptable as protection for Windows operating systems. However, both the email antivirus software and the operating system antivirus software can coexist and run on the same system. If another recognized antivirus product is installed and has a current signature file, this would still be a finding; however, the severity code may be reduced to a Category III.

Check Text ( C-44755r2_chk )

If one of the following products is not installed and supported at an appropriate maintenance level, this is a finding:

McAfee VirusScan Enterprise Version 8.8 Patch 3 or later
Symantec Endpoint Protection (SEP) 12.1 Release Update 2 or later

If the antivirus program signature file is not dated within the past 7 days, this is a finding.

The version numbers and the date of the signature file can generally be checked by starting the antivirus program from the toolbar icon or from the Start menu. The information may appear in the antivirus window or be available in the Help > About window. The location varies from product to product.

Email versions of antivirus software are not acceptable as protection for Windows operating systems. However, both the email antivirus software and the operating system antivirus software can coexist and run on the same system.

If another recognized antivirus product is installed and has a current signature file, this would still be a finding; however, the severity code may be reduced to a Category III.

Fix Text (F-41155r1_fix)
Configure the system with supported, DoD-approved virus scanning software. Ensure the signature file is current.