Check: ENS-TP-000242
Trellix ENS 10.x STIG: ENS-TP-000242 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention Access Protection must be configured to enable access protection. (Cat II impact)
Discussion
(U) Access Protection rules are configured to protect endpoint systems from unwanted changes. Rules can be configured to disallow browsers from launching files from the download location, to disallow changes to registry keys and executable files, etc. Without Access Protection rules, malware has the opportunity to make changes to the system and take control.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Access Protection". Select each configured Access Protection policy. Verify Access Protection >> "Enable Access Protection" is selected. If Access Protection >> "Enable Access Protection" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Access Protection". Select each configured Access Protection policy. Select the Access Protection >> "Enable Access Protection" option. Click "Save".
Additional Identifiers
Rule ID: SV-228275r944504_rule
Vulnerability ID: V-228275
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |