An error occurred:

Check: ENS-TP-000224

Trellix ENS 10.x STIG: ENS-TP-000224 (in versions v3 r2 through v2 r5)

Title

(U) The Trellix ENS Threat Prevention On-Demand Scan must be configured to scan inside archives. (Cat II impact)

Discussion

(U) Malware is often packaged within an archive. In addition, archives might have other archives within them. Not scanning archive files introduces the risk of infected files being introduced into the environment.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Verify What to Scan >> "Compressed archive files" is selected. If What to Scan >> "Compressed archive files" is not selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Select the What to Scan >> "Compressed archive files" option. Click "Save".

Additional Identifiers

Rule ID: SV-228258r961191_rule

Vulnerability ID: V-228258

Group Title: SRG-APP-000277

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001241

Configure malicious code protection mechanisms to perform periodic scans of the system on an organization-defined frequency.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection