Title

(U) The Trellix ENS Threat Prevention On-Demand Scan must be configured to detect unknown program threats. (Cat II impact)

Discussion

(U) Due to the ability of malware to mutate after infection, standard antivirus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will share unique characteristics with others in their virus family. By using a generic signature to detect the shared characteristics, using wildcards where differences lie, the generic signature can detect viruses even if they are padded with extra meaningless code. This method of detection is heuristic detection.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Verify Additional Scan Options >> "Detect unknown program threats" is selected. If Additional Scan Options >> "Detect unknown program threats" is not selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Select the Additional Scan Options >> "Detect unknown program threats" option. Click "Save".

Additional Identifiers

Rule ID: SV-228260r944489_rule

Vulnerability ID: V-228260

Group Title: SRG-APP-000277

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.