Title

(U//FOUO) The HIPS policy includes the signature for protection of the ePO registry. (Cat II impact)

Discussion

Check Content

(U//FOUO) This check needs to be completed for the policy that is assigned to the ePO server. This check needs to be completed for the policy that is assigned to the ePO server. Select the asset to be checked, then select "Assigned Policies", followed by "Host Intrusion Prevention 7:IPS" from the product list. From the "IPS Rules" category, select the "View Effective Policy" hyperlink. Select the "Signatures" tab. Verify the signature of “Protect ePO Registry” is present and select the "View" hyperlink. In addition to the signature being present, the “Severity level” must be set to High, “Log status” must be set to "Enable logging", and the “Allow creation of client rules” setting must be disabled. If the signature is not present or the properties are set incorrectly, this is a finding.

Fix Text

(U//FOUO) Install the "Protect ePO Registry" signature and set it as follows: “Severity level” set to High, “Log status” set to "Enable logging", and the “Allow creation of client rules” setting is disabled.

Additional Identifiers

Rule ID: SV-15171r3_rule

Vulnerability ID: V-14553

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.