Check: ENS-TP-000212
Trellix ENS 10.x STIG:
ENS-TP-000212
(in versions v3 r2 through v3 r1)
Title
(U) The Trellix ENS Threat Prevention On-Access Scan must be configured with Trellix Decide trust logic. (Cat II impact)
Discussion
(U) Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from malware attacks. "Let Trellix Decide" trust logic improves security and boosts performance by avoiding unnecessary scans.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Click the "Show Advanced" button. Verify Process Settings >> Process Types >> Standard >> "When to scan: Let Trellix decide" is selected. If Process Settings >> Process Types >> Standard >> "When to scan: Let Trellix decide" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Click the "Show Advanced" button. Select the Process Settings >> Process Types >> Standard >> "When to scan: Let Trellix decide" option. Click "Save".
Additional Identifiers
Rule ID: SV-228246r1022719_rule
Vulnerability ID: V-228246
Group Title: SRG-APP-000278
CCIs
Number | Definition
---|---
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
CCI-002624 | Configure malicious code protection mechanisms to perform real-time scans of files from external sources at endpoint; and/or network entry and exit points as the files are downloaded, opened, or executed in accordance with organizational policy.
Controls
Number | Title
---|---
SI-3 | Malicious Code Protection