Check: H36300
HBSS Host Intrusion Prevention: H36300 (in version v4 r13)
Title
(U//FOUO) The HIPS trusted application list must be reviewed against the machine’s expected baseline. (Cat II impact)
Discussion
Check Content
Note: The intent of this check is to ensure that only known and trusted applications are allowed to run on a system.

From the ePO server console, select the asset to be checked, then select Actions >> Agent >> Modify Policies on a Single System. Select “Host Intrusion Prevention 7: General” from the product list. From the “Trusted Applications” category, select “View Effective Policy”.

Ask the SA if all the applications listed are required for this asset. If there are any trusted applications listed that are not part of the known baseline for the machine, this is a finding.

Note: The McAfee Default Policy for Trusted Applications is updated when content is updated. McAfee recommends that this policy always be applied to make sure protection is as up to date as possible. Any applications in the listed effective policy that are from the McAfee Default policy are, and should always be, permitted.
Fix Text
(U//FOUO) Baseline the machine and ensure that the trusted applications for the machine match the baseline.
Additional Identifiers
Rule ID: SV-15160r2_rule
Vulnerability ID: V-14542
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |