Check: ENS-TP-000200
Trellix ENS 10.x STIG:
ENS-TP-000200
(in versions v2 r12 through v2 r5)
Title
(U) The McAfee ENS Threat Prevention Options must be configured to enable McAfee GTI feedback when performing Proactive Data Analysis. (Cat II impact)
Discussion
(U) McAfee GTI is a global Internet reputation intelligence system that determines what is good and bad behavior on the Internet. McAfee GTI uses real-time analysis of worldwide behavioral and sending patterns for email, web activity, malware, and system-to-system behavior. Using data collected from the analysis, GTI dynamically calculates reputation scores that represent the level of risk to a network. McAfee GTI Proactive Data Analysis sends anonymous diagnostic and usage data to McAfee. GTI feedback enables McAfee GTI-based telemetry feedback to collect anonymized data on files and processes executing on the endpoint system.
Check Content
(U) NOTE: For Classified networks, this requirement is Not Applicable. Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Verify "Proactive Data Analysis:McAfee GTI feedback" is selected. If "Proactive Data Analysis:McAfee GTI feedback" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Select the "Proactive Data Analysis:McAfee GTI feedback" option. Click "Save".
Additional Identifiers
Rule ID: SV-228234r879664_rule
Vulnerability ID: V-228234
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |