Navigate

Check: ENS-TP-000230

Trellix ENS 10.x STIG: ENS-TP-000230 (in versions v2 r14 through v2 r5)

Title

(U) The Trellix ENS Threat Prevention On-Demand Scan must be configured to scan all files. (Cat II impact)

Discussion

(U) When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Verify File Types to Scan >> "All Files" is selected. If File Types to Scan >> "All Files" is not selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Select the File Types to Scan >> "All Files" option. Click "Save".

Additional Identifiers

Rule ID: SV-228264r944494_rule

Vulnerability ID: V-228264

Group Title: SRG-APP-000277

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001241	The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SI-3	Malicious Code Protection