Check: ENS-EP-000003
Trellix ENS 10.x STIG: ENS-EP-000003 (in versions v3 r2 through v2 r9)
Title
(U) The ENS Windows Data Execution Prevention must be enabled. (Cat II impact)
Discussion
(U) For antivirus software to be effective it must be running at all times beginning from the point of the system's initial startup. Otherwise the risk is greater for viruses, trojans, and other malware infecting the system during that startup phase.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Protection Threat Prevention” from the Product list. From the Category list, select “Exploit Prevention”. Select each configured “Exploit Prevention” policy. Verify the Threat Prevention >> Exploit Prevention >> “Enable Windows Data Execution Prevention” check box is selected. If the Threat Prevention >> Exploit Prevention >> “Enable Windows Data Execution Prevention” check box is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Protection Threat Prevention" from the Product list. From the Category list, select "Exploit Prevention". Select each configured "Exploit Prevention" policy. Select the check box for the Threat Prevention >> Exploit Prevention >> "Enable Windows Data Execution Prevention". Click "Save".
Additional Identifiers
Rule ID: SV-230207r1022742_rule
Vulnerability ID: V-230207
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
CCI-004964 | Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy. |
Controls
Number | Title |
---|---|
SI-3(2) | Automatic Updates |