Check: ENS-FW-000002
Trellix ENS 10.x STIG: ENS-FW-000002 (in versions v3 r2 through v3 r1)
Title
(CUI) The ENS Firewall Status Control setting must be configured to prevent users from disabling the firewall from the system tray. (Cat II impact)
Discussion
(CUI) A host-based firewall scans all incoming and outgoing traffic. As it reviews arriving or departing traffic, the firewall checks its list of rules, which is a set of criteria with associated actions. If the traffic matches all criteria in a rule, the firewall acts according to the rule, blocking or allowing traffic through. Allowing an end user to disable the firewall from the system tray introduces vulnerabilities.
Check Content
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. Select “Endpoint Security Firewall” from the Product list. From the Category list, select Options >> Firewall Status Control. Verify that the “Allow users to disable Firewall from the McAfee system icon tray” option is unselected. If the “Allow users to disable Firewall from the McAfee system icon tray” option is selected, this is a finding.
Fix Text
(CUI) Select Menu >> Policy >> Policy Catalog. Select "Endpoint Security Firewall" from the Product list. From the Category list, select Options >> Firewall Status Control. Deselect “Allow users to disable Firewall from the McAfee system icon tray”. Click "Save".
Additional Identifiers
Rule ID: SV-230197r1022735_rule
Vulnerability ID: V-230197
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
CCI-004964 | Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy. |
Controls
Number | Title |
---|---|
SI-3(2) | Automatic Updates |