Title

(U) The Trellix ENS Threat Prevention On-Access Scan must be configured to scan when copying from network folders and removable drives. (Cat II impact)

Discussion

(U) Antivirus software is the mostly commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives regularly to identify any file system infections and to scan any removable media, if applicable, before media is inserted into the system. Not scheduling a regular scan of a system's hard drives and/or not configuring the scan to scan all files and running processes introduces a higher risk of threats going undetected.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Verify On-Access Scan >> "Scan when copying from network folders and removable drives" is selected. If On-Access Scan >> "Scan when copying from network folders and removable drives" is not selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Select the On-Access Scan >> "Scan when copying from network folders and removable drives" option. Click "Save".

Additional Identifiers

Rule ID: SV-228242r944467_rule

Vulnerability ID: V-228242

Group Title: SRG-APP-000278

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.