Check: ENS-TP-000208
Trellix ENS 10.x Local Client STIG:
ENS-TP-000208
(in versions v2 r3 through v1 r6)
Title
(U) The Trellix ENS Threat Prevention On-Access Scan must be configured to scan when copying from network folders and removable drives. (Cat II impact)
Discussion
(U) Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives regularly to identify any file system infections and to scan any removable media, if applicable, before media is inserted into the system. Not scheduling a regular scan of a system's hard drives and/or not configuring the scan to scan all files and running processes introduces a higher risk of threats going undetected.
Check Content
(U) Note: For Classified networks, this requirement is Not Applicable. In the system tray, right-click the Trellix icon and select "Trellix Endpoint Security". Click the drop-down in the upper right corner of the "Trellix Endpoint Security" window and select "Settings". (This may require Administrator logon.) In the "Settings" pop-up, click "Threat Prevention" on the left side. Click the "Show Advanced" button. Verify "On-Access Scan: Scan when copying from network folders and removable drives" is selected. If "On-Access Scan: Scan when copying from network folders and removable drives" is not selected, this is a finding.
Fix Text
(U) In the system tray, right-click the Trellix icon and select "Trellix Endpoint Security". Click the drop-down in the upper right corner of the "Trellix Endpoint Security" window and select "Settings". (This may require Administrator logon.) In the "Settings" pop-up, click "Threat Prevention" on the left side. Click the "Show Advanced" button. Enable "On-Access Scan: Scan when copying from network folders and removable drives".
Additional Identifiers
Rule ID: SV-252792r1026129_rule
Vulnerability ID: V-252792
Group Title: SRG-APP-000278
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
| CCI-002624 | Configure malicious code protection mechanisms to perform real-time scans of files from external sources at endpoint; and/or network entry and exit points as the files are downloaded, opened, or executed in accordance with organizational policy. |
Controls
| Number | Title |
|---|---|
| SI-3 | Malicious Code Protection |