Check: ENS-TP-000229
Trellix ENS 10.x Local Client STIG:
ENS-TP-000229
(in versions v1 r6 through v2 r3)
Title
(U) The Trellix ENS Threat Prevention On-Demand Scan must be configured to scan all fixed or local disks, running processes, and memory for rootkits. (Cat II impact)
Discussion
(U) Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives regularly to identify any file system infections, and to scan removable media, if applicable, when the media is inserted into the system. A full scan that is not scheduled regularly, or that does not cover all fixed or local disks, running processes, and memory, leaves a larger window in which resident malware and rootkits can go undetected.
Check Content
(U) In the system tray, right-click the Trellix icon and select "Trellix Endpoint Security". Click the drop-down in the upper right corner of the "Trellix Endpoint Security" window and select "Settings". (This may require Administrator logon.) In the "Settings" pop-up, click "Threat Prevention" on the left side. Click the "Show Advanced" button. Under "On-Demand Scan", select the "Full Scan" tab. In the "Locations" table, verify that at least one of "All local drives" or "All fixed drives" is listed, and that both "Running processes" and "Memory for rootkits" are listed. If neither "All local drives" nor "All fixed drives" is listed, or if either "Running processes" or "Memory for rootkits" is missing, this is a finding.
Fix Text
(U) In the system tray, right-click the Trellix icon and select "Trellix Endpoint Security". Click the drop-down in the upper right corner of the "Trellix Endpoint Security" window and select "Settings". (This may require Administrator logon.) In the "Settings" pop-up, click "Threat Prevention" on the left side. Click the "Show Advanced" button. Under "On-Demand Scan", select the "Full Scan" tab. Add "All local drives" or "All fixed drives", "Running processes", and "Memory for rootkits" to the "Locations" table.
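The pass/fail logic above is easy to misread because one requirement is an either/or and the other two are mandatory. The following PowerShell function is an added example, not part of the STIG or of Trellix's tooling: it encodes the rule exactly as stated so that reviewers who transcribe the "Locations" table from the Settings window (or pull it from an exported policy by whatever means their site uses) evaluate it consistently. The function assumes the location names are supplied as plain strings matching the UI labels; it does not read any ENS registry key or API, and the sample location lists are constructed for illustration.

```powershell
# Added example (not from the STIG or from Trellix): evaluates the Full Scan
# "Locations" table against ENS-TP-000229. The $Locations input is assumed to
# have been transcribed from the ENS Settings UI; no ENS registry key or API is used.

function Test-EnsFullScanLocations {
    [CmdletBinding()]
    param(
        # Entries exactly as shown in the On-Demand Scan > Full Scan > Locations table.
        [Parameter(Mandatory)]
        [string[]]$Locations
    )

    # Normalise whitespace and case so a transcription like " all FIXED drives " still matches.
    $normalized = $Locations |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $_ }

    # Disk coverage is satisfied by EITHER drive-set entry; the other two are both required.
    $hasDrives    = ($normalized -contains 'all local drives') -or ($normalized -contains 'all fixed drives')
    $hasProcesses = $normalized -contains 'running processes'
    $hasRootkits  = $normalized -contains 'memory for rootkits'

    $missing = @()
    if (-not $hasDrives)    { $missing += '"All local drives" or "All fixed drives"' }
    if (-not $hasProcesses) { $missing += '"Running processes"' }
    if (-not $hasRootkits)  { $missing += '"Memory for rootkits"' }

    # Status values follow the STIG checklist vocabulary (Open / NotAFinding).
    [pscustomobject]@{
        VulnId   = 'V-252813'
        RuleId   = 'SV-252813r961191_rule'
        Status   = if ($missing.Count -eq 0) { 'NotAFinding' } else { 'Open' }
        Missing  = $missing
        Reviewed = $Locations
    }
}

# Constructed sample inputs (not captured from a real endpoint).
$compliant = @('All fixed drives', 'Running processes', 'Memory for rootkits')
$deficient = @('All local drives', 'Memory for rootkits')   # no "Running processes" entry

Test-EnsFullScanLocations -Locations $compliant | Format-List   # Status: NotAFinding
Test-EnsFullScanLocations -Locations $deficient | Format-List   # Status: Open, Missing: "Running processes"
```

Because the UI labels are the only interface the check content relies on, the function matches on those labels rather than on any internal setting name; if a site automates collection from an ePO or Trellix policy export, map the exported fields to these labels before calling it, and treat any entry it cannot recognise as absent rather than as a pass.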
Additional Identifiers
Rule ID: SV-252813r961191_rule
Vulnerability ID: V-252813
Group Title: SRG-APP-000277
Expert Comments
CCIs
Number | Definition
---|---
CCI-001241 | Configure malicious code protection mechanisms to perform periodic scans of the system on an organization-defined frequency.
Controls
Number | Title
---|---
SI-3 | Malicious Code Protection