An error occurred:

Check: ENS-CO-000101

Trellix ENS 10.x STIG: ENS-CO-000101 (in versions v2 r14 through v2 r5)

Title

(U) The Trellix ENS Common Options must be configured with Lock Client Interface or Standard Access with a password other than default. (Cat I impact)

Discussion

(U) The client interface is a method for accessing and configuring Trellix ENS policies and configurations directly on the system. In "Standard" mode, most protection statuses and features are accessible to users with Administrators privileges and require a password to view or change settings. In "Standard" mode, users without Administrator privileges will have the ability to get information about the Trellix products installed, check for updates, view the event log, get help and access the FAQ and support pages. Non-administrators can't view or change configuration settings on the Settings page. The "Lock client interface" mode requires a password to access the client. Once password is entered, all users have access to the whole interface. If the client interface is not in the locked mode, users could potentially change the protection settings.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Verify the Client Interface Mode >> "Standard Access (Windows & Mac only)" or "Lock Client Interface (Windows & Mac only)" is selected. Verify the password and confirm password fields have dots all the way across. If the default password was not changed, the dots would not appear in the password fields. If Client Interface Mode >> "Standard Access (Windows & Mac only)" or "Lock Client Interface (Windows & Mac only)" is not selected or the password fields do not show dots, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Select Client Interface Mode >> "Standard Access (Windows & Mac only)" or "Lock Client Interface (Windows & Mac only)" Click "Save".

Additional Identifiers

Rule ID: SV-228224r944434_rule

Vulnerability ID: V-228224

Group Title: SRG-APP-000516

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings