An error occurred:

Check: ENS-TP-000210

Trellix ENS 10.x STIG: ENS-TP-000210 (in versions v2 r14 through v2 r5)

Title

(U) The Trellix ENS Threat Prevention On-Access Scan Threat Detection User Messaging must be configured to notify local users when detections occur. (Cat II impact)

Discussion

(U) An effective awareness program explains proper rules of behavior for use of an organization's IT systems and information. Accordingly, awareness programs should include guidance to users on malware incident prevention, which can help reduce the frequency and severity of malware incidents. Organizations should also make users aware of policies and procedures that apply to malware incident handling, such as how to identify if a host may be infected, how to report a suspected incident, and what users need to do to assist with incident handling. Ensuring the antivirus software alerts the users when malware is detected will ensure the user is informed of the incident and be able to more closely relate the incident to actions being performed by the user at the time of the detection.

Check Content

(U) NOTE: For non-Windows systems, this is Not Applicable Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Click the "Show Advanced" button. Verify Threat Detection User Messaging >> "Display the On-Access Scan window to users when a threat is detected" check box is selected. If Threat Detection User Messaging >> "Display the On-Access Scan window to users when a threat is detected" check box is not selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Click the "Show Advanced" button. Select the Threat Detection User Messaging >> "Display the On-Access Scan window to users when a threat is detected" check box. Click "Save".

Additional Identifiers

Rule ID: SV-228244r944471_rule

Vulnerability ID: V-228244

Group Title: SRG-APP-000278

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001242

The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection