Title

(U//FOUO) The HIP policy must include McAfee Host Intrusion Prevention content 5013. (Cat II impact)

Discussion

Check Content

(U//FOUO) The McAfee Host Intrusion Prevention Content 5013 Release Notes should be researched to understand the signatures that are included and to be able to verify that the signature content is present in the HIP:IPS policy signature list. From the ePO server console, select Menu > Systems > System Tree. Select the asset to be checked, then select "Assigned Policies", followed by "Host Intrusion Prevention 8: IPS" from the product list. From the "IPS Rules" category, select the "View Effective Policy" hyperlink. Select the “Signatures” tab. After researching the Host Intrusion Prevention Content 5013 release notes, verify that all signatures listed are present in the policy signature list. If all signatures contained in the Host Intrusion Prevention Content 5013 are not present in the policy signature list, this is a finding. Note: If H36400 is a finding, this is check should also be considered a finding.

Fix Text

(U//FOUO) Install the Host Intrusion Prevention Content 5013 update package.

Additional Identifiers

Rule ID: SV-55942r2_rule

Vulnerability ID: V-43198

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.