Check: ENS-TP-000224
Trellix ENS 10.x STIG:
ENS-TP-000224
(in versions v2 r5 through v2 r14)
Title
(U) The Trellix ENS Threat Prevention On-Demand Scan must be configured to scan inside archives. (Cat II impact)
Discussion
(U) Malware is often packaged within an archive, and archives may be nested inside other archives. Not scanning archive files introduces the risk of infected files entering the environment undetected.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Verify What to Scan >> "Compressed archive files" is selected. If What to Scan >> "Compressed archive files" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Select the What to Scan >> "Compressed archive files" option. Click "Save".
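The check and fix above are a manual walk through the ePO console, repeated for every configured On-Demand Scan policy. The script below is an added example, not part of the STIG and not Trellix's own tooling: it applies the same test to an exported policy file so that all On-Demand Scan policies are evaluated at once and the check is reported as a finding if any one of them lacks the option (a missing setting is treated as a finding, since the requirement is that the option be selected). It assumes the export uses an EPOPolicySettings/Section/Setting XML layout with the category carried in a categoryid attribute, and that the "Compressed archive files" checkbox is stored as a setting named bScanArchives with value 1 or 0; the layout, attribute and setting names are assumptions to confirm against a real export, and the sample XML is constructed for the example.

```python
"""Audit exported ePO On-Demand Scan policies for ENS-TP-000224.

Added example, not from the STIG or Trellix. Assumptions (labelled):
- the export uses EPOPolicySettings/Section/Setting elements and a
  categoryid attribute naming the policy category (assumed layout), and
- "Compressed archive files" is stored as a Setting named bScanArchives
  with value "1" (on) or "0" (off) (assumed setting name).
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

CATEGORY = "On-Demand Scan"        # the "Category" the check tells you to select
ARCHIVE_SETTING = "bScanArchives"  # assumed name for "Compressed archive files"

# Constructed sample export: one compliant ODS policy, one non-compliant,
# and one policy from another category that must be ignored.
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8"?>
<epo:EPOPolicySchema xmlns:epo="mcafee.epo.policy">
  <EPOPolicySettings name="My Default" categoryid="On-Demand Scan">
    <Section name="WhatToScan">
      <Setting name="bScanArchives" value="1"/>
      <Setting name="bScanMIME" value="1"/>
    </Section>
  </EPOPolicySettings>
  <EPOPolicySettings name="Fast Daily Scan" categoryid="On-Demand Scan">
    <Section name="WhatToScan">
      <Setting name="bScanArchives" value="0"/>
    </Section>
  </EPOPolicySettings>
  <EPOPolicySettings name="Server AP" categoryid="Access Protection">
    <Section name="General">
      <Setting name="bEnabled" value="1"/>
    </Section>
  </EPOPolicySettings>
</epo:EPOPolicySchema>
"""


def audit_policies(xml_text: str) -> dict[str, bool]:
    """Return {policy name: compliant} for every On-Demand Scan policy.

    A policy is compliant only when the archive setting is present and
    enabled; a missing setting fails closed, because the STIG requires the
    option to be selected, not merely not deselected.
    """
    root = ET.fromstring(xml_text)
    results: dict[str, bool] = {}
    for policy in root.iter("EPOPolicySettings"):
        if policy.get("categoryid") != CATEGORY:
            continue  # only On-Demand Scan policies are in scope
        name = policy.get("name", "<unnamed>")
        enabled = False
        for setting in policy.iter("Setting"):
            if setting.get("name") == ARCHIVE_SETTING:
                enabled = setting.get("value") == "1"
                break
        results[name] = enabled
    return results


def findings(xml_text: str) -> list[str]:
    """Names of On-Demand Scan policies that fail the check, sorted."""
    return sorted(n for n, ok in audit_policies(xml_text).items() if not ok)


def is_finding(xml_text: str) -> bool:
    """ENS-TP-000224 is Open if any configured ODS policy lacks the option."""
    return bool(findings(xml_text))


if __name__ == "__main__":
    for name, ok in audit_policies(SAMPLE_EXPORT).items():
        print(f"{name!r}: {'OK' if ok else 'FINDING'}")
    print("ENS-TP-000224:", "Open" if is_finding(SAMPLE_EXPORT) else "Not a Finding")
```

Run it against a real export in place of SAMPLE_EXPORT after confirming the element and setting names; the per-policy output mirrors the "select each configured On-Demand Scan policy" step, and the final line is the check result.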
Additional Identifiers
Rule ID: SV-228258r944487_rule
Vulnerability ID: V-228258
Group Title: SRG-APP-000277
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001241 | The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency. |
Controls
| Number | Title |
|---|---|
| SI-3 | Malicious Code Protection |