Title

(U) The Trellix ENS Common Options must be configured to disable the time-based client interface password. (Cat II impact)

Discussion

(U) The client interface is a method for accessing and configuring Trellix ENS policies and configurations directly on the system. Passwords unlock the client console and access troubleshooting control on Windows and non-Windows clients. When this policy is enabled on the client, the time-based password is activated and remains unlocked until it is closed. The client interface time-based password has an expiration date and time. The password is automatically generated and can be applied to a single system or all systems. Should this randomly generated password not be known or expired after it is deployed to clients and should the client become non-responsive to the ePO server, the client will not be able to be managed.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Verify the Client Interface Mode >> "Time-Based Administrator Password" option is not selected. If the Client Interface Mode >> "Time-Based Administrator Password" option is selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Deselect the Client Interface Mode >> "Time-Based Administrator Password" option. Click "Save".

Additional Identifiers

Rule ID: SV-228226r944438_rule

Vulnerability ID: V-228226

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.