Check: ENS-TP-000241
Trellix ENS 10.x STIG: ENS-TP-000241 (in versions v2 r14 through v2 r7)
Title
(U) The Trellix ENS Threat Prevention Access Protection must be configured to prevent remote creation of autorun files. (Cat II impact)
Discussion
(U) Autorun files are used to automatically launch program files, typically setup files from CDs. Preventing other computers from making a connection and creating or altering autorun.inf files can prevent spyware and adware from being executed. Many spyware and virus programs are distributed on CDs.
Check Content
(U) NOTE: This requirement is Not Applicable to Linux systems.

Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Access Protection". Select each configured Access Protection policy.

Verify Access Protection >> Rules >> Remotely creating autorun files is configured to "block".

If Access Protection >> Rules >> Remotely creating autorun files is not configured to "block", this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Access Protection". Select each configured Access Protection policy.

Configure Access Protection >> Rules >> Remotely creating autorun files to "block".

Click "Save".
Additional Identifiers
Rule ID: SV-228274r944503_rule
Vulnerability ID: V-228274
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |