Check: ENS-TP-000232
Trellix ENS 10.x STIG:
ENS-TP-000232
(in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention On-Demand Scan Actions Threat detection first response must be configured to clean files. (Cat II impact)
Discussion
(U) Malware may have infected a file that is necessary to the user. By configuring the antivirus software to first attempt cleaning the infected file, availability to the file is not sacrificed. If a cleaning attempt is not successful, however, deleting the file is the only safe option to ensure the malware is not introduced onto the system or network.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Verify "Clean files" is selected for Actions >> "Threat detection first response". If "Clean files" is not selected for the Action "Threat detection first response", this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Select "Clean files" for Actions >> "Threat detection first response". Click "Save".
Additional Identifiers
Rule ID: SV-228266r944496_rule
Vulnerability ID: V-228266
Group Title: SRG-APP-000279
Expert Comments
CCIs
Number | Definition
---|---
CCI-001243 | The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.
Controls
Number | Title
---|---
SI-3 | Malicious Code Protection