Title

(U) The ENS Windows Data Execution Prevention must be enabled. (Cat II impact)

Discussion

(U) For antivirus software to be effective it must be running at all times beginning from the point of the system's initial startup. Otherwise the risk is greater for viruses, trojans, and other malware infecting the system during that startup phase.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Protection Threat Prevention” from the Product list. From the Category list, select “Exploit Prevention”. Select each configured “Exploit Prevention” policy. Verify the Threat Prevention >> Exploit Prevention >> “Enable Windows Data Execution Prevention” check box is selected. If the Threat Prevention >> Exploit Prevention >> “Enable Windows Data Execution Prevention” check box is not selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Protection Threat Prevention" from the Product list. From the Category list, select "Exploit Prevention". Select each configured "Exploit Prevention" policy. Select the check box for the Threat Prevention >> Exploit Prevention >> "Enable Windows Data Execution Prevention". Click "Save".

Additional Identifiers

Rule ID: SV-230207r879659_rule

Vulnerability ID: V-230207

Group Title: SRG-APP-000272

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.