Check: ENS-TP-000203
Trellix ENS 10.x STIG: ENS-TP-000203 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention On-Access Scan must be enabled. (Cat I impact)
Discussion
(U) For antivirus software to be effective, it must be running at all times, beginning from the point of the system's initial startup. Otherwise, the risk is greater for viruses, trojans, and other malware to infect the system during that startup phase.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Verify the On-Access Scan >> "Enable On-Access Scan" check box is selected. If the On-Access Scan >> "Enable On-Access Scan" check box is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Select the On-Access Scan >> "Enable On-Access Scan" check box. Click "Save".
Additional Identifiers
Rule ID: SV-228237r944462_rule
Vulnerability ID: V-228237
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |