Check: ENS-TP-000221
Trellix ENS 10.x STIG:
ENS-TP-000221
(in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS On-Demand Full Scan must be scheduled to be executed at least on a weekly basis. (Cat II impact)
Discussion
(U) Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives regularly to identify any file system infections and to scan any removable media, if applicable, before media is inserted into the system. Not scheduling a regular scan of a system's hard drives and/or not configuring the scan to scan all files and running processes introduces a higher risk of threats going undetected.
Check Content
(U) Access the ePO server console. Select "Assigned Client Tasks". From the list of available tasks in the "Task Name" column, with the assistance of the ePO SA, identify the weekly on-demand scan task with a Task Type of "Policy Based On-Demand Scan". Verify the status is "Enabled". Select "Edit Assignment" in the "Actions" column. In the "Task to Schedule:" area, verify the Product is "Endpoint Security Threat Prevention" and the Task Type is "Policy based on-demand scan". Select the "Summary" tab. Locate the "Schedule:" label. Ensure the Status is "Enabled" and the Type is at least "Weekly". If the "Scheduled Status:" is "Enabled" and the "Schedule Type:" is at least "Weekly", this is not a finding.
Fix Text
(U) Access the ePO server console. Select "Assigned Client Tasks". Create a Threat Prevention >> "On-Demand Scan" task configured to execute at least "weekly". Apply the task to all managed assets.
Additional Identifiers
Rule ID: SV-228255r944484_rule
Vulnerability ID: V-228255
Group Title: SRG-APP-000277
CCIs
Number | Definition |
---|---|
CCI-001241 | The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |