Check: ENS-EP-000002
Trellix ENS 10.x STIG: ENS-EP-000002 (in versions v3 r2 through v2 r9)
Title
(U) The ENS Generic Privilege Escalation Prevention must be enabled. (Cat II impact)
Discussion
(U) For antivirus software to be effective it must be running at all times beginning from the point of the system's initial startup. Otherwise the risk is greater for viruses, trojans, and other malware infecting the system during that startup phase.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Protection Threat Prevention” from the Product list. From the Category list, select “Exploit Prevention”. Select each configured “Exploit Prevention” policy. Verify the Threat Prevention >> Exploit Prevention >> “Enable Generic Privilege Escalation Prevention” check box is selected. If the Threat Prevention >> Exploit Prevention >> “Enable Generic Privilege Escalation Prevention” check box is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Protection Threat Prevention" from the Product list. From the Category list, select "Exploit Prevention". Select each configured "Exploit Prevention" policy. Select the Threat Prevention >> Exploit Prevention >> "Enable Generic Privilege Escalation Prevention" check box. Click "Save".
Additional Identifiers
Rule ID: SV-230206r1022741_rule
Vulnerability ID: V-230206
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
CCI-004964 | Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy. |
Controls
Number | Title |
---|---|
SI-3(2) | Automatic Updates |